Cross-Model Anecdotes – full_cve_ids_3.1_header · seed=42 · metric=i
Models: xlnet, lrp-bert, lrp-distilbert

#1 · cve_id CVE-2019-20213 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
D-Link ▁D IR - 8 59 routers ▁before ▁v 1 . 07 b 03 _ bet a ▁allow Unauthenticated ▁In for matio n Disclosure ▁via ▁the ▁A UT HOR I Z ED _ G RO UP = 1% 0 a ▁value ▁as ▁demonstrated ▁by ▁v p n config . php . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value as demonstrated by vpnconfig.php.
SHAP (words)
D- Link DIR- 859 routers before v1. 07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP= 1% 0a value as demonstrated by vpnconfig. php
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] D-Link D IR - 85 ##9 routers before v ##1 . 07 ##b ##0 ##3 _ beta allow Unauthenticated In ##fo ##r matio n Disclosure via the AU ##TH ##OR ##I ##Z ##ED _ G ##RO ##UP = 1 % 0 ##a value as demonstrated by v ##p ##n config . php . [SEP]
LRP (+Pred, pos-only)
[CLS] D-Link D IR - 85 ##9 routers before v ##1 . 07 ##b ##0 ##3 _ beta allow Unauthenticated In ##fo ##r matio n Disclosure via the AU ##TH ##OR ##I ##Z ##ED _ G ##RO ##UP = 1 % 0 ##a value as demonstrated by v ##p ##n config . php . [SEP]
LIME (words)
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value as demonstrated by vpnconfig.php.
SHAP (words)
D- Link DIR- 859 routers before v1. 07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP= 1% 0a value as demonstrated by vpnconfig. php
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] D-Link D IR - 85 ##9 routers before v ##1 . 07 ##b ##0 ##3 _ beta allow Unauthenticated In ##fo ##r matio n Disclosure via the AU ##TH ##OR ##I ##Z ##ED _ G ##RO ##UP = 1 % 0 ##a value as demonstrated by v ##p ##n config . php . [SEP]
LRP (+Pred, pos-only)
[CLS] D-Link D IR - 85 ##9 routers before v ##1 . 07 ##b ##0 ##3 _ beta allow Unauthenticated In ##fo ##r matio n Disclosure via the AU ##TH ##OR ##I ##Z ##ED _ G ##RO ##UP = 1 % 0 ##a value as demonstrated by v ##p ##n config . php . [SEP]
LIME (words)
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value as demonstrated by vpnconfig.php.
SHAP (words)
D- Link DIR- 859 routers before v1. 07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP= 1% 0a value as demonstrated by vpnconfig. php
#2 · cve_id CVE-2023-0128 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁Use ▁after ▁free ▁in ▁Overview ▁Mode ▁in ▁Google Chrome ▁on Chrome ▁OS ▁prior ▁to ▁109 . 0 . 54 14 . 74 ▁allowed ▁a ▁remote ▁attacker ▁who ▁convinced ▁a ▁user ▁to ▁engage ▁in spec ific UI ▁interactions ▁to ▁potentially ▁exploit ▁heap ▁corruption ▁via ▁a ▁crafted HTML ▁page . ( Chromium ▁security ▁severity : ▁High ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
SHAP (words)
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109. 0. 5414. 74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. ( Chromium security severity: High
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Use after free in Over ##view Mode in Google Chrome on Chrome OS prior to 109 . 0 . 54 ##14 . 74 allowed a remote attacker who convinced a user to engage in spec if ##ic UI int era ##ctions to potentially exploit heap corruption via a crafted HTML page . ( Chromium se ##c uri t ##y severity : High ) [SEP]
LRP (+Pred, pos-only)
[CLS] Use after free in Over ##view Mode in Google Chrome on Chrome OS prior to 109 . 0 . 54 ##14 . 74 allowed a remote attacker who convinced a user to engage in spec if ##ic UI int era ##ctions to potentially exploit heap corruption via a crafted HTML page . ( Chromium se ##c uri t ##y severity : High ) [SEP]
LIME (words)
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
SHAP (words)
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109. 0. 5414. 74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. ( Chromium security severity: High
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Use after free in Over ##view Mode in Google Chrome on Chrome OS prior to 109 . 0 . 54 ##14 . 74 allowed a remote attacker who convinced a user to engage in spec if ##ic UI int era ##ctions to potentially exploit heap corruption via a crafted HTML page . ( Chromium se ##c uri t ##y severity : High ) [SEP]
LRP (+Pred, pos-only)
[CLS] Use after free in Over ##view Mode in Google Chrome on Chrome OS prior to 109 . 0 . 54 ##14 . 74 allowed a remote attacker who convinced a user to engage in spec if ##ic UI int era ##ctions to potentially exploit heap corruption via a crafted HTML page . ( Chromium se ##c uri t ##y severity : High ) [SEP]
LIME (words)
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
SHAP (words)
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109. 0. 5414. 74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. ( Chromium security severity: High
#3 · cve_id CVE-2022-2363 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
IG (subwords)
▁A ▁vulnerability ▁which ▁was cla ssi fi ed ▁as ▁problematic ▁has ▁been ▁found ▁in SourceCodester ▁Simple ▁Park ing Manage ment ▁System ▁1 . 0 . Affected ▁by ▁this ▁issue ▁is ▁some ▁unknown ▁functionality ▁of ▁the ▁file / ci _ s pm s / admin / search / search ing / . ▁The ▁manipulation ▁of ▁the ▁argument ▁search ▁with ▁the ▁input " > < sc ▁rip t > al ert ( " XSS " ) </ sc ▁rip t > ▁leads ▁to ▁cross ▁site scripting . ▁The ▁attack ▁may ▁be ▁launched ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability which was classified as problematic has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SHAP (words)
A vulnerability which was classified as problematic has been found in SourceCodester Simple Parking Management System 1. 0. Affected by this issue is some unknown functionality of the file / ci_spms/ admin/ search/ searching/. The manipulation of the argument search with the input ">< script> alert(" XSS")</ script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used
lrp-bert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in SourceCodester Simple Park ##ing Manage men ##t System 1 . 0 . Affected by this issue is some unknown functionality of the file / c ##i _ s ##pm ##s / admin / search / searching / . The man ip ul ##ation of the argument search with the input " > < sc r ip t > alert ( " XSS " ) < / sc r ip t > leads to cross s ite scripting . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in SourceCodester Simple Park ##ing Manage men ##t System 1 . 0 . Affected by this issue is some unknown functionality of the file / c ##i _ s ##pm ##s / admin / search / searching / . The man ip ul ##ation of the argument search with the input " > < sc r ip t > alert ( " XSS " ) < / sc r ip t > leads to cross s ite scripting . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . [SEP]
LIME (words)
A vulnerability which was classified as problematic has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SHAP (words)
A vulnerability which was classified as problematic has been found in SourceCodester Simple Parking Management System 1. 0. Affected by this issue is some unknown functionality of the file / ci_spms/ admin/ search/ searching/. The manipulation of the argument search with the input ">< script> alert(" XSS")</ script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in SourceCodester Simple Park ##ing Manage men ##t System 1 . 0 . Affected by this issue is some unknown functionality of the file / c ##i _ s ##pm ##s / admin / search / searching / . The man ip ul ##ation of the argument search with the input " > < sc r ip t > alert ( " XSS " ) < / sc r ip t > leads to cross s ite scripting . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in SourceCodester Simple Park ##ing Manage men ##t System 1 . 0 . Affected by this issue is some unknown functionality of the file / c ##i _ s ##pm ##s / admin / search / searching / . The man ip ul ##ation of the argument search with the input " > < sc r ip t > alert ( " XSS " ) < / sc r ip t > leads to cross s ite scripting . The attack may be launched remotely . The exploit has been disclose d to the public and may be used . [SEP]
LIME (words)
A vulnerability which was classified as problematic has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SHAP (words)
A vulnerability which was classified as problematic has been found in SourceCodester Simple Parking Management System 1. 0. Affected by this issue is some unknown functionality of the file / ci_spms/ admin/ search/ searching/. The manipulation of the argument search with the input ">< script> alert(" XSS")</ script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used
#4 · cve_id CVE-2019-10743 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁All ▁versions ▁of ▁archive r ▁allow ▁attacker ▁to ▁perform ▁a Zip ▁Slip ▁attack ▁via ▁the " un arch ive " ▁functions . ▁It ▁is ▁exploited ▁using ▁a spec i ally ▁crafted ▁zip ▁archive ▁that ▁holds ▁path traversal filenames . ▁When ▁exploited ▁a filename ▁in ▁a malicious ▁archive ▁is concatenated ▁to ▁the ▁target ▁extraction ▁directory ▁which ▁results ▁in ▁the ▁final ▁path ▁ending ▁up ▁out sid e ▁of ▁the ▁target ▁folder . ▁For ▁instance ▁a ▁zip ▁may ▁hold ▁a ▁file ▁with ▁a " . . / . . / file . ex e " ▁location ▁and ▁thus ▁break ▁out ▁of ▁the ▁target ▁folder . ▁If ▁an executable ▁or ▁a ▁configuration ▁file ▁is overwritten ▁with ▁a ▁file ▁containing malicious ▁code ▁the ▁problem ▁can ▁turn ▁into ▁an ▁arbitrary ▁code ▁execution ▁issue ▁quite ▁easily . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited a filename in a malicious archive is concatenated to the target extraction directory which results in the final path ending up outside of the target folder. For instance a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code the problem can turn into an arbitrary code execution issue quite easily.
SHAP (words)
All versions of archiver allow attacker to perform a Zip Slip attack via the " unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited a filename in a malicious archive is concatenated to the target extraction directory which results in the final path ending up outside of the target folder. For instance a zip may hold a file with a "../../ file. exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code the problem can turn into an arbitrary code execution issue quite easily
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] All versions of archive ##r allow attacker to perform a Zip S ##l ip attack via the " un ##ar ##chi ##ve " functions . It is ex ##p ##lo ite d using a spec i ##ally crafted zip archive that holds path traversal filenames . When ex ##p ##lo ite d a filename in a malicious archive is concatenated to the tar get extraction directory which results in the final path ending up out sid e of the tar get folder . For instance a zip may hold a file with a " . . / . . / file . ex ##e " location and thus break out of the tar get folder . If an executable or a config u ##ration file is overwritten with a file containing malicious code the problem can turn int o an arbitrary code exec u ##tion issue q ##u ite easily . [SEP]
LRP (+Pred, pos-only)
[CLS] All versions of archive ##r allow attacker to perform a Zip S ##l ip attack via the " un ##ar ##chi ##ve " functions . It is ex ##p ##lo ite d using a spec i ##ally crafted zip archive that holds path traversal filenames . When ex ##p ##lo ite d a filename in a malicious archive is concatenated to the tar get extraction directory which results in the final path ending up out sid e of the tar get folder . For instance a zip may hold a file with a " . . / . . / file . ex ##e " location and thus break out of the tar get folder . If an executable or a config u ##ration file is overwritten with a file containing malicious code the problem can turn int o an arbitrary code exec u ##tion issue q ##u ite easily . [SEP]
LIME (words)
All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited a filename in a malicious archive is concatenated to the target extraction directory which results in the final path ending up outside of the target folder. For instance a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code the problem can turn into an arbitrary code execution issue quite easily.
SHAP (words)
All versions of archiver allow attacker to perform a Zip Slip attack via the " unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited a filename in a malicious archive is concatenated to the target extraction directory which results in the final path ending up outside of the target folder. For instance a zip may hold a file with a "../../ file. exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code the problem can turn into an arbitrary code execution issue quite easily
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] All versions of archive ##r allow attacker to perform a Zip S ##l ip attack via the " un ##ar ##chi ##ve " functions . It is ex ##p ##lo ite d using a spec i ##ally crafted zip archive that holds path traversal filenames . When ex ##p ##lo ite d a filename in a malicious archive is concatenated to the tar get extraction directory which results in the final path ending up out sid e of the tar get folder . For instance a zip may hold a file with a " . . / . . / file . ex ##e " location and thus break out of the tar get folder . If an executable or a config u ##ration file is overwritten with a file containing malicious code the problem can turn int o an arbitrary code exec u ##tion issue q ##u ite easily . [SEP]
LRP (+Pred, pos-only)
[CLS] All versions of archive ##r allow attacker to perform a Zip S ##l ip attack via the " un ##ar ##chi ##ve " functions . It is ex ##p ##lo ite d using a spec i ##ally crafted zip archive that holds path traversal filenames . When ex ##p ##lo ite d a filename in a malicious archive is concatenated to the tar get extraction directory which results in the final path ending up out sid e of the tar get folder . For instance a zip may hold a file with a " . . / . . / file . ex ##e " location and thus break out of the tar get folder . If an executable or a config u ##ration file is overwritten with a file containing malicious code the problem can turn int o an arbitrary code exec u ##tion issue q ##u ite easily . [SEP]
LIME (words)
All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited a filename in a malicious archive is concatenated to the target extraction directory which results in the final path ending up outside of the target folder. For instance a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code the problem can turn into an arbitrary code execution issue quite easily.
SHAP (words)
All versions of archiver allow attacker to perform a Zip Slip attack via the " unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited a filename in a malicious archive is concatenated to the target extraction directory which results in the final path ending up outside of the target folder. For instance a zip may hold a file with a "../../ file. exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code the problem can turn into an arbitrary code execution issue quite easily
#5 · cve_id CVE-2019-9303 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁In lib FD K ▁there ▁is ▁a ▁po ssi ble ▁out ▁of ▁bound s ▁write ▁due ▁to ▁an ▁integer overflow . ▁This ▁could ▁lead ▁to ▁remote ▁code ▁execution ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁needed ▁for ▁exploitation . ▁Product : ▁Android Versions : ▁Android - 10 And roid ▁ID : ▁A - 1 12 66 10 57 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In libFDK there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057
SHAP (words)
In libFDK there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android- 10Android ID: A- 112661057
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] In l ##ib ##F ##D ##K there is a p ##o ssi b ##le out of bounds w ##r ite due to an int e ##ger overflow . This could lead to remote code exec u ##tion with no additional exec u ##tion privileges needed . User int era ##ction is needed for exploitation . Product : Android Versions : Android - 10 ##A ##nd ##roid ID : A - 112 ##6 ##6 ##10 ##5 ##7 [SEP]
LRP (+Pred, pos-only)
[CLS] In l ##ib ##F ##D ##K there is a p ##o ssi b ##le out of bounds w ##r ite due to an int e ##ger overflow . This could lead to remote code exec u ##tion with no additional exec u ##tion privileges needed . User int era ##ction is needed for exploitation . Product : Android Versions : Android - 10 ##A ##nd ##roid ID : A - 112 ##6 ##6 ##10 ##5 ##7 [SEP]
LIME (words)
In libFDK there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057
SHAP (words)
In libFDK there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android- 10Android ID: A- 112661057
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] In l ##ib ##F ##D ##K there is a p ##o ssi b ##le out of bounds w ##r ite due to an int e ##ger overflow . This could lead to remote code exec u ##tion with no additional exec u ##tion privileges needed . User int era ##ction is needed for exploitation . Product : Android Versions : Android - 10 ##A ##nd ##roid ID : A - 112 ##6 ##6 ##10 ##5 ##7 [SEP]
LRP (+Pred, pos-only)
[CLS] In l ##ib ##F ##D ##K there is a p ##o ssi b ##le out of bounds w ##r ite due to an int e ##ger overflow . This could lead to remote code exec u ##tion with no additional exec u ##tion privileges needed . User int era ##ction is needed for exploitation . Product : Android Versions : Android - 10 ##A ##nd ##roid ID : A - 112 ##6 ##6 ##10 ##5 ##7 [SEP]
LIME (words)
In libFDK there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057
SHAP (words)
In libFDK there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android- 10Android ID: A- 112661057
#6 · cve_id CVE-2022-38307 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
▁LI EF ▁commit ▁5 d 1 d 64 3 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a segmentation ▁violation ▁via ▁the ▁function ▁LI EF : : M ach O : : Segment ▁Command : : file _ off set ( ) ▁at / M ach O / Segment ▁Command . c pp . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.
SHAP (words)
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF:: MachO:: SegmentCommand:: file_offset() at / MachO/ SegmentCommand. cpp
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] L IE F commit 5 ##d ##1 ##d ##64 ##3 was di sc over ##ed to contain a segmentation violation via the function L IE F : : Mac ##h ##O : : Segment Command : : file _ offset ( ) at / Mac ##h ##O / Segment Command . c ##pp . [SEP]
LRP (+Pred, pos-only)
[CLS] L IE F commit 5 ##d ##1 ##d ##64 ##3 was di sc over ##ed to contain a segmentation violation via the function L IE F : : Mac ##h ##O : : Segment Command : : file _ offset ( ) at / Mac ##h ##O / Segment Command . c ##pp . [SEP]
LIME (words)
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.
SHAP (words)
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF:: MachO:: SegmentCommand:: file_offset() at / MachO/ SegmentCommand. cpp
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] L IE F commit 5 ##d ##1 ##d ##64 ##3 was di sc over ##ed to contain a segmentation violation via the function L IE F : : Mac ##h ##O : : Segment Command : : file _ offset ( ) at / Mac ##h ##O / Segment Command . c ##pp . [SEP]
LRP (+Pred, pos-only)
[CLS] L IE F commit 5 ##d ##1 ##d ##64 ##3 was di sc over ##ed to contain a segmentation violation via the function L IE F : : Mac ##h ##O : : Segment Command : : file _ offset ( ) at / Mac ##h ##O / Segment Command . c ##pp . [SEP]
LIME (words)
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.
SHAP (words)
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF:: MachO:: SegmentCommand:: file_offset() at / MachO/ SegmentCommand. cpp
#7 · cve_id CVE-2022-43831 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁IBM Storage ▁Scale Container ▁Native Storage ▁Access ▁5 . 1 . 2 . 1 ▁through ▁5 . 1 . 6 . 1 ▁could ▁allow ▁a ▁local ▁user ▁to ▁obtain escalated ▁privileges ▁on ▁a ▁host ▁without ▁proper ▁security ▁context ▁settings configured . ▁IBM X-Force ▁ID : ▁23 89 41 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.
SHAP (words)
IBM Storage Scale Container Native Storage Access 5. 1. 2. 1 through 5. 1. 6. 1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X- Force ID: 238941
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] I BM Storage Scale Container Native Storage Access 5 . 1 . 2 . 1 through 5 . 1 . 6 . 1 could allow a local user to obtain escalated privileges on a host without proper se ##c uri t ##y context settings configured . I BM X-Force ID : 238 ##9 ##41 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM Storage Scale Container Native Storage Access 5 . 1 . 2 . 1 through 5 . 1 . 6 . 1 could allow a local user to obtain escalated privileges on a host without proper se ##c uri t ##y context settings configured . I BM X-Force ID : 238 ##9 ##41 . [SEP]
LIME (words)
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.
SHAP (words)
IBM Storage Scale Container Native Storage Access 5. 1. 2. 1 through 5. 1. 6. 1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X- Force ID: 238941
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] I BM Storage Scale Container Native Storage Access 5 . 1 . 2 . 1 through 5 . 1 . 6 . 1 could allow a local user to obtain escalated privileges on a host without proper se ##c uri t ##y context settings configured . I BM X-Force ID : 238 ##9 ##41 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM Storage Scale Container Native Storage Access 5 . 1 . 2 . 1 through 5 . 1 . 6 . 1 could allow a local user to obtain escalated privileges on a host without proper se ##c uri t ##y context settings configured . I BM X-Force ID : 238 ##9 ##41 . [SEP]
LIME (words)
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.
SHAP (words)
IBM Storage Scale Container Native Storage Access 5. 1. 2. 1 through 5. 1. 6. 1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X- Force ID: 238941
#8 · cve_id CVE-2022-20900 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁Multiple vulnerabilities ▁in ▁the web-based ▁man a gem ent ▁interface ▁of Cisco ▁Small ▁Business RV 110 W RV 130 RV 130 W ▁and RV 2 15 W Routers ▁could ▁allow ▁an authenticated ▁remote ▁attacker ▁to ▁execute ▁arbitrary ▁code ▁on ▁an ▁affected ▁device ▁or ▁cause ▁the ▁device ▁to ▁restart ▁unexpectedly ▁resulting ▁in ▁a ▁denial ▁of ▁service ( DoS ) ▁condition . ▁These vulnerabilities ▁are ▁due ▁to ▁insufficient validation ▁of ▁user ▁fields ▁within ▁incoming HTTP ▁packet s . ▁An ▁attacker ▁could ▁exploit ▁these vulnerabilities ▁by ▁sending ▁a ▁crafted ▁request ▁to ▁the web-based ▁man a gem ent ▁interface . ▁A ▁successful ▁exploit ▁could ▁allow ▁the ▁attacker ▁to ▁execute ▁arbitrary ▁commands ▁on ▁an ▁affected ▁device ▁with root-level ▁privileges ▁or ▁to ▁cause ▁the ▁device ▁to ▁restart ▁unexpectedly ▁resulting ▁in ▁a DoS ▁condition . ▁To ▁exploit ▁these vulnerabilities ▁an ▁attacker ▁would ▁need ▁to ▁have ▁valid Admin ▁is t rator credential s ▁on ▁the ▁affected ▁device . Cisco ▁has ▁not ▁released ▁software ▁updates ▁that ▁address ▁these vulnerabilities . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W RV130 RV130W and RV215W Routers could allow an authenticated remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly resulting in a DoS condition. To exploit these vulnerabilities an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
SHAP (words)
Multiple vulnerabilities in the web- based management interface of Cisco Small Business RV110W RV130 RV130W and RV215W Routers could allow an authenticated remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly resulting in a denial of service ( DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web- based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root- level privileges or to cause the device to restart unexpectedly resulting in a DoS condition. To exploit these vulnerabilities an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mu ##lt ip le vulnerabilities in the web-based man ##a gem en ##t int er ##face of Cisco Small Business RV 110 ##W RV 130 RV 130 ##W and RV 215 ##W Routers could allow an authenticated remote attacker to exec u ##te arbitrary code on an affected dev ice or cause the dev ice to re ##s tar t unexpectedly resulting in a denial of service ( DoS ) condition . These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets . An attacker could exploit these vulnerabilities by sending a crafted request to the web-based man ##a gem en ##t int er ##face . A successful exploit could allow the attacker to exec u ##te arbitrary commands on an affected dev ice with root-level privileges or to cause the dev ice to re ##s tar t unexpectedly resulting in a DoS condition . To exploit these vulnerabilities an attacker would need to have valid Admin is ##tra ##tor credential s on the affected dev ice . Cisco has not released software updates that address these vulnerabilities . [SEP]
LRP (+Pred, pos-only)
[CLS] Mu ##lt ip le vulnerabilities in the web-based man ##a gem en ##t int er ##face of Cisco Small Business RV 110 ##W RV 130 RV 130 ##W and RV 215 ##W Routers could allow an authenticated remote attacker to exec u ##te arbitrary code on an affected dev ice or cause the dev ice to re ##s tar t unexpectedly resulting in a denial of service ( DoS ) condition . These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets . An attacker could exploit these vulnerabilities by sending a crafted request to the web-based man ##a gem en ##t int er ##face . A successful exploit could allow the attacker to exec u ##te arbitrary commands on an affected dev ice with root-level privileges or to cause the dev ice to re ##s tar t unexpectedly resulting in a DoS condition . To exploit these vulnerabilities an attacker would need to have valid Admin is ##tra ##tor credential s on the affected dev ice . Cisco has not released software updates that address these vulnerabilities . [SEP]
LIME (words)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W RV130 RV130W and RV215W Routers could allow an authenticated remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly resulting in a DoS condition. To exploit these vulnerabilities an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
SHAP (words)
Multiple vulnerabilities in the web- based management interface of Cisco Small Business RV110W RV130 RV130W and RV215W Routers could allow an authenticated remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly resulting in a denial of service ( DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web- based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root- level privileges or to cause the device to restart unexpectedly resulting in a DoS condition. To exploit these vulnerabilities an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mu ##lt ip le vulnerabilities in the web-based man ##a gem en ##t int er ##face of Cisco Small Business RV 110 ##W RV 130 RV 130 ##W and RV 215 ##W Routers could allow an authenticated remote attacker to exec u ##te arbitrary code on an affected dev ice or cause the dev ice to re ##s tar t unexpectedly resulting in a denial of service ( DoS ) condition . These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets . An attacker could exploit these vulnerabilities by sending a crafted request to the web-based man ##a gem en ##t int er ##face . A successful exploit could allow the attacker to exec u ##te arbitrary commands on an affected dev ice with root-level privileges or to cause the dev ice to re ##s tar t unexpectedly resulting in a DoS condition . To exploit these vulnerabilities an attacker would need to have valid Admin is ##tra ##tor credential s on the affected dev ice . Cisco has not released software updates that address these vulnerabilities . [SEP]
LRP (+Pred, pos-only)
[CLS] Mu ##lt ip le vulnerabilities in the web-based man ##a gem en ##t int er ##face of Cisco Small Business RV 110 ##W RV 130 RV 130 ##W and RV 215 ##W Routers could allow an authenticated remote attacker to exec u ##te arbitrary code on an affected dev ice or cause the dev ice to re ##s tar t unexpectedly resulting in a denial of service ( DoS ) condition . These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets . An attacker could exploit these vulnerabilities by sending a crafted request to the web-based man ##a gem en ##t int er ##face . A successful exploit could allow the attacker to exec u ##te arbitrary commands on an affected dev ice with root-level privileges or to cause the dev ice to re ##s tar t unexpectedly resulting in a DoS condition . To exploit these vulnerabilities an attacker would need to have valid Admin is ##tra ##tor credential s on the affected dev ice . Cisco has not released software updates that address these vulnerabilities . [SEP]
LIME (words)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W RV130 RV130W and RV215W Routers could allow an authenticated remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly resulting in a DoS condition. To exploit these vulnerabilities an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
SHAP (words)
Multiple vulnerabilities in the web- based management interface of Cisco Small Business RV110W RV130 RV130W and RV215W Routers could allow an authenticated remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly resulting in a denial of service ( DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web- based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root- level privileges or to cause the device to restart unexpectedly resulting in a DoS condition. To exploit these vulnerabilities an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities
#9 · cve_id CVE-2020-19695 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Buffer Overflow ▁found ▁in ▁N gin x ▁N JS ▁allows ▁a ▁remote ▁attacker ▁to ▁execute ▁arbitrary ▁code ▁via ▁the njs ▁_ object _ proper ty param eter ▁of ▁the njs / njs ▁_ v m . c ▁function . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
SHAP (words)
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/ njs_vm. c function
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Buffer Overflow found in Ng ##in ##x N JS allows a remote attacker to exec u ##te arbitrary code via the njs _ object _ property param et ##er of the njs / njs _ v ##m . c function . [SEP]
LRP (+Pred, pos-only)
[CLS] Buffer Overflow found in Ng ##in ##x N JS allows a remote attacker to exec u ##te arbitrary code via the njs _ object _ property param et ##er of the njs / njs _ v ##m . c function . [SEP]
LIME (words)
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
SHAP (words)
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/ njs_vm. c function
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Buffer Overflow found in Ng ##in ##x N JS allows a remote attacker to exec u ##te arbitrary code via the njs _ object _ property param et ##er of the njs / njs _ v ##m . c function . [SEP]
LRP (+Pred, pos-only)
[CLS] Buffer Overflow found in Ng ##in ##x N JS allows a remote attacker to exec u ##te arbitrary code via the njs _ object _ property param et ##er of the njs / njs _ v ##m . c function . [SEP]
LIME (words)
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
SHAP (words)
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/ njs_vm. c function
#10 · cve_id CVE-2021-38377 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
OX ▁App ▁Suite ▁through ▁7 . 10 . 5 ▁allows XSS ▁via JavaScript ▁code ▁in ▁an ▁anchor HTML ▁comment ▁within truncated e-mail ▁because ▁there ▁is ▁a ▁predictable ▁U UID ▁with HTML ▁trans for matio n ▁results . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail because there is a predictable UUID with HTML transformation results.
SHAP (words)
OX App Suite through 7. 10. 5 allows XSS via JavaScript code in an anchor HTML comment within truncated e- mail because there is a predictable UUID with HTML transformation results
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] OX App Su ite through 7 . 10 . 5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail because there is a pre ##dic tab le U UID with HTML trans ##fo ##r matio n results . [SEP]
LRP (+Pred, pos-only)
[CLS] OX App Su ite through 7 . 10 . 5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail because there is a pre ##dic tab le U UID with HTML trans ##fo ##r matio n results . [SEP]
LIME (words)
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail because there is a predictable UUID with HTML transformation results.
SHAP (words)
OX App Suite through 7. 10. 5 allows XSS via JavaScript code in an anchor HTML comment within truncated e- mail because there is a predictable UUID with HTML transformation results
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] OX App Su ite through 7 . 10 . 5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail because there is a pre ##dic tab le U UID with HTML trans ##fo ##r matio n results . [SEP]
LRP (+Pred, pos-only)
[CLS] OX App Su ite through 7 . 10 . 5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail because there is a pre ##dic tab le U UID with HTML trans ##fo ##r matio n results . [SEP]
LIME (words)
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail because there is a predictable UUID with HTML transformation results.
SHAP (words)
OX App Suite through 7. 10. 5 allows XSS via JavaScript code in an anchor HTML comment within truncated e- mail because there is a predictable UUID with HTML transformation results
#11 · cve_id CVE-2024-22213 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Dec k ▁is ▁a kan ban ▁style ▁organization ▁tool ▁aimed ▁at ▁personal ▁planning ▁and ▁project ▁organization ▁for ▁teams ▁integrated ▁with Nextcloud . ▁In ▁affected ▁versions ▁users ▁could ▁be tricked ▁into ▁executing malicious ▁code ▁that ▁would ▁execute ▁in ▁their browse r ▁via HTML ▁sent ▁as ▁a ▁comment . ▁It ▁is ▁recommended ▁that ▁the Nextcloud ▁Dec k ▁is ▁upgraded ▁to ▁version ▁1 . 9 . 5 ▁or ▁1 . 11 . 2 . ▁There ▁are ▁no ▁known workarounds ▁for ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
SHAP (words)
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1. 9. 5 or 1. 11. 2. There are no known workarounds for this vulnerability
lrp-bert · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Deck is a ka ##n ##ban style organization tool aimed at personal planning and project organization for teams int e ##gra ##ted with Nextcloud . In affected versions users could be tricked int o exec u ##ting malicious code that would exec u ##te in their browse r via HTML sent as a comment . It is recommended that the Nextcloud Deck is upgraded to version 1 . 9 . 5 or 1 . 11 . 2 . There are no known workarounds for this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] Deck is a ka ##n ##ban style organization tool aimed at personal planning and project organization for teams int e ##gra ##ted with Nextcloud . In affected versions users could be tricked int o exec u ##ting malicious code that would exec u ##te in their browse r via HTML sent as a comment . It is recommended that the Nextcloud Deck is upgraded to version 1 . 9 . 5 or 1 . 11 . 2 . There are no known workarounds for this vulnerability . [SEP]
LIME (words)
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
SHAP (words)
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1. 9. 5 or 1. 11. 2. There are no known workarounds for this vulnerability
lrp-distilbert · Pred=LOW (1) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Deck is a ka ##n ##ban style organization tool aimed at personal planning and project organization for teams int e ##gra ##ted with Nextcloud . In affected versions users could be tricked int o exec u ##ting malicious code that would exec u ##te in their browse r via HTML sent as a comment . It is recommended that the Nextcloud Deck is upgraded to version 1 . 9 . 5 or 1 . 11 . 2 . There are no known workarounds for this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] Deck is a ka ##n ##ban style organization tool aimed at personal planning and project organization for teams int e ##gra ##ted with Nextcloud . In affected versions users could be tricked int o exec u ##ting malicious code that would exec u ##te in their browse r via HTML sent as a comment . It is recommended that the Nextcloud Deck is upgraded to version 1 . 9 . 5 or 1 . 11 . 2 . There are no known workarounds for this vulnerability . [SEP]
LIME (words)
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
SHAP (words)
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1. 9. 5 or 1. 11. 2. There are no known workarounds for this vulnerability
#12 · cve_id CVE-2022-27808 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Insufficient ▁control ▁flow ▁man a gem ent ▁in ▁some ▁Intel ( R ) Ethernet ▁Controller Admin ▁is tra tive Tools ▁drivers ▁for ▁Windows ▁before ▁version ▁1 . 5 . 0 . 2 ▁may ▁allow ▁an authenticated ▁user ▁to ▁potentially ▁enable escalation ▁of ▁privilege ▁via ▁local ▁access . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Insufficient control flow management in some Intel( R) Ethernet Controller Administrative Tools drivers for Windows before version 1. 5. 0. 2 may allow an authenticated user to potentially enable escalation of privilege via local access
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Insufficient control flow man ##a gem en ##t in some Intel ( R ) Ethernet Controller Admin is ##tra ##tive Tools drivers for Windows before version 1 . 5 . 0 . 2 may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Insufficient control flow man ##a gem en ##t in some Intel ( R ) Ethernet Controller Admin is ##tra ##tive Tools drivers for Windows before version 1 . 5 . 0 . 2 may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LIME (words)
Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Insufficient control flow management in some Intel( R) Ethernet Controller Administrative Tools drivers for Windows before version 1. 5. 0. 2 may allow an authenticated user to potentially enable escalation of privilege via local access
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Insufficient control flow man ##a gem en ##t in some Intel ( R ) Ethernet Controller Admin is ##tra ##tive Tools drivers for Windows before version 1 . 5 . 0 . 2 may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LRP (+Pred, pos-only)
[CLS] Insufficient control flow man ##a gem en ##t in some Intel ( R ) Ethernet Controller Admin is ##tra ##tive Tools drivers for Windows before version 1 . 5 . 0 . 2 may allow an authenticated user to potentially enable escalation of privilege via local access . [SEP]
LIME (words)
Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
SHAP (words)
Insufficient control flow management in some Intel( R) Ethernet Controller Administrative Tools drivers for Windows before version 1. 5. 0. 2 may allow an authenticated user to potentially enable escalation of privilege via local access
#13 · cve_id CVE-2022-48189 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An SMM ▁driver ▁input validation ▁vulnerability ▁in ▁the BIOS ▁of ▁some ThinkPad ▁models ▁could ▁allow ▁an ▁attacker ▁with ▁local ▁access ▁and elevate d ▁privileges ▁to ▁execute ▁arbitrary ▁code . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
SHAP (words)
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An SMM driver input validation vulnerability in the BIOS of some ThinkPad mod el ##s could allow an attacker with local access and elevate d privileges to exec u ##te arbitrary code . [SEP]
LRP (+Pred, pos-only)
[CLS] An SMM driver input validation vulnerability in the BIOS of some ThinkPad mod el ##s could allow an attacker with local access and elevate d privileges to exec u ##te arbitrary code . [SEP]
LIME (words)
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
SHAP (words)
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An SMM driver input validation vulnerability in the BIOS of some ThinkPad mod el ##s could allow an attacker with local access and elevate d privileges to exec u ##te arbitrary code . [SEP]
LRP (+Pred, pos-only)
[CLS] An SMM driver input validation vulnerability in the BIOS of some ThinkPad mod el ##s could allow an attacker with local access and elevate d privileges to exec u ##te arbitrary code . [SEP]
LIME (words)
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
SHAP (words)
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code
#14 · cve_id CVE-2020-9920 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁path ▁handling ▁issue ▁was ▁addressed ▁with ▁improved validation . ▁This ▁issue ▁is ▁fixed ▁in ▁iOS ▁13 . 6 ▁and iPadOS ▁13 . 6 macOS ▁Catalina ▁10 . 15 . 6 watchOS ▁6 . 2 . 8 . ▁A malicious ▁mail ▁server ▁may overwrite ▁arbitrary ▁mail ▁files . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6 macOS Catalina 10.15.6 watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.
SHAP (words)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13. 6 and iPadOS 13. 6 macOS Catalina 10. 15. 6 watchOS 6. 2. 8. A malicious mail server may overwrite arbitrary mail files
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A path handling issue was addressed with improved validation . This issue is fixed in iOS 13 . 6 and iPadOS 13 . 6 macOS Catalina 10 . 15 . 6 watchOS 6 . 2 . 8 . A malicious mail server may overwrite arbitrary mail files . [SEP]
LRP (+Pred, pos-only)
[CLS] A path handling issue was addressed with improved validation . This issue is fixed in iOS 13 . 6 and iPadOS 13 . 6 macOS Catalina 10 . 15 . 6 watchOS 6 . 2 . 8 . A malicious mail server may overwrite arbitrary mail files . [SEP]
LIME (words)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6 macOS Catalina 10.15.6 watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.
SHAP (words)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13. 6 and iPadOS 13. 6 macOS Catalina 10. 15. 6 watchOS 6. 2. 8. A malicious mail server may overwrite arbitrary mail files
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A path handling issue was addressed with improved validation . This issue is fixed in iOS 13 . 6 and iPadOS 13 . 6 macOS Catalina 10 . 15 . 6 watchOS 6 . 2 . 8 . A malicious mail server may overwrite arbitrary mail files . [SEP]
LRP (+Pred, pos-only)
[CLS] A path handling issue was addressed with improved validation . This issue is fixed in iOS 13 . 6 and iPadOS 13 . 6 macOS Catalina 10 . 15 . 6 watchOS 6 . 2 . 8 . A malicious mail server may overwrite arbitrary mail files . [SEP]
LIME (words)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6 macOS Catalina 10.15.6 watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.
SHAP (words)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13. 6 and iPadOS 13. 6 macOS Catalina 10. 15. 6 watchOS 6. 2. 8. A malicious mail server may overwrite arbitrary mail files
#15 · cve_id CVE-2022-32030 · i
GT=NONE (0)
xlnet · Pred=HIGH (2) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Tenda AX 18 06 ▁v 1 . 0 . 0 . 1 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁stack overflow ▁via ▁the ▁list param eter ▁in ▁the ▁function ▁form S et Q os B and . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.
SHAP (words)
Tenda AX1806 v1. 0. 0. 1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand
lrp-bert · Pred=HIGH (2) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tenda AX 1806 v ##1 . 0 . 0 . 1 was di sc over ##ed to contain a stack overflow via the list param et ##er in the function form ##S ##et ##Q ##os ##B ##and . [SEP]
LRP (+Pred, pos-only)
[CLS] Tenda AX 1806 v ##1 . 0 . 0 . 1 was di sc over ##ed to contain a stack overflow via the list param et ##er in the function form ##S ##et ##Q ##os ##B ##and . [SEP]
LIME (words)
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.
SHAP (words)
Tenda AX1806 v1. 0. 0. 1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand
lrp-distilbert · Pred=HIGH (2) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tenda AX 1806 v ##1 . 0 . 0 . 1 was di sc over ##ed to contain a stack overflow via the list param et ##er in the function form ##S ##et ##Q ##os ##B ##and . [SEP]
LRP (+Pred, pos-only)
[CLS] Tenda AX 1806 v ##1 . 0 . 0 . 1 was di sc over ##ed to contain a stack overflow via the list param et ##er in the function form ##S ##et ##Q ##os ##B ##and . [SEP]
LIME (words)
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.
SHAP (words)
Tenda AX1806 v1. 0. 0. 1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand
#16 · cve_id CVE-2023-34620 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed h js ▁on ▁thru ▁3 . 0 . 0 ▁allows ▁attackers ▁to ▁cause ▁a ▁denial ▁of ▁service ▁or ▁other unspecified ▁impacts ▁via ▁crafted ▁object ▁that ▁uses cyclic dependencies . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
SHAP (words)
An issue was discovered hjson thru 3. 0. 0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed h js on th ##ru 3 . 0 . 0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses c ##y cli c dependencies . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed h js on th ##ru 3 . 0 . 0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses c ##y cli c dependencies . [SEP]
LIME (words)
An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
SHAP (words)
An issue was discovered hjson thru 3. 0. 0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed h js on th ##ru 3 . 0 . 0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses c ##y cli c dependencies . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed h js on th ##ru 3 . 0 . 0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses c ##y cli c dependencies . [SEP]
LIME (words)
An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
SHAP (words)
An issue was discovered hjson thru 3. 0. 0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies
#17 · cve_id CVE-2014-9758 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Cross-site scripting ( XSS ) ▁vulnerability ▁in Magento ▁E - Commerce Plat ▁form ▁1 . 9 . 0 . 1 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.
SHAP (words)
Cross- site scripting ( XSS) vulnerability in Magento E- Commerce Platform 1. 9. 0. 1
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-site scripting ( XSS ) vulnerability in Magento E - Commerce Plat form 1 . 9 . 0 . 1 . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-site scripting ( XSS ) vulnerability in Magento E - Commerce Plat form 1 . 9 . 0 . 1 . [SEP]
LIME (words)
Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.
SHAP (words)
Cross- site scripting ( XSS) vulnerability in Magento E- Commerce Platform 1. 9. 0. 1
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-site scripting ( XSS ) vulnerability in Magento E - Commerce Plat form 1 . 9 . 0 . 1 . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-site scripting ( XSS ) vulnerability in Magento E - Commerce Plat form 1 . 9 . 0 . 1 . [SEP]
LIME (words)
Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.
SHAP (words)
Cross- site scripting ( XSS) vulnerability in Magento E- Commerce Platform 1. 9. 0. 1
#18 · cve_id CVE-2023-29756 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁found ▁in Twilight ▁v . 13 . 3 ▁for ▁Android ▁allows unauthorized ▁apps ▁to ▁cause ▁a persist ent ▁denial ▁of ▁service ▁by manipulating ▁the Shared ▁P reference ▁files . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
SHAP (words)
An issue found in Twilight v. 13. 3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue found in Twilight v . 13 . 3 for Android allows unauthorized apps to cause a persist en ##t denial of service by manipulating the Shared Pre ##ference files . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue found in Twilight v . 13 . 3 for Android allows unauthorized apps to cause a persist en ##t denial of service by manipulating the Shared Pre ##ference files . [SEP]
LIME (words)
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
SHAP (words)
An issue found in Twilight v. 13. 3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue found in Twilight v . 13 . 3 for Android allows unauthorized apps to cause a persist en ##t denial of service by manipulating the Shared Pre ##ference files . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue found in Twilight v . 13 . 3 for Android allows unauthorized apps to cause a persist en ##t denial of service by manipulating the Shared Pre ##ference files . [SEP]
LIME (words)
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
SHAP (words)
An issue found in Twilight v. 13. 3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files
#19 · cve_id CVE-2023-36753 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in RUGGEDCOM ROX MX 5 000 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX MX 5 000 RE ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 1400 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 1 500 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 150 1 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 15 10 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 15 11 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 15 12 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 15 24 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 15 36 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) RUGGEDCOM ROX RX 5 000 ( All ▁versions ▁< ▁V 2 . 16 . 0 ) . ▁The uninstall - app ▁App - name param eter ▁in ▁the ▁web ▁interface ▁of ▁affected ▁devices ▁is ▁vulnerable ▁to ▁command inject ion ▁due ▁to ▁mi ssi ng ▁server sid e ▁input ▁sanitation . ▁This ▁could ▁allow ▁an authenticated ▁privileged ▁remote ▁attacker ▁to ▁execute ▁arbitrary ▁code ▁with ▁root ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0) RUGGEDCOM ROX MX5000RE (All versions < V2.16.0) RUGGEDCOM ROX RX1400 (All versions < V2.16.0) RUGGEDCOM ROX RX1500 (All versions < V2.16.0) RUGGEDCOM ROX RX1501 (All versions < V2.16.0) RUGGEDCOM ROX RX1510 (All versions < V2.16.0) RUGGEDCOM ROX RX1511 (All versions < V2.16.0) RUGGEDCOM ROX RX1512 (All versions < V2.16.0) RUGGEDCOM ROX RX1524 (All versions < V2.16.0) RUGGEDCOM ROX RX1536 (All versions < V2.16.0) RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
SHAP (words)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 ( All versions < V2. 16. 0) RUGGEDCOM ROX MX5000RE ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1400 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1500 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1501 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1510 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1511 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1512 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1524 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1536 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX5000 ( All versions < V2. 16. 0). The uninstall- app App- name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in RUGGEDCOM ROX MX 5000 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX MX 5000 RE ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##14 ##00 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##00 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##01 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##10 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##11 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##12 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##24 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##36 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##500 ##0 ( All versions < V ##2 . 16 . 0 ) . The uninstall - app App - name param et ##er in the web int er ##face of affected dev ice ##s is vulnerable to command inject ion due to mi ssi ng server sid e input sanitation . This could allow an authenticated privileged remote attacker to exec u ##te arbitrary code with root privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in RUGGEDCOM ROX MX 5000 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX MX 5000 RE ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##14 ##00 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##00 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##01 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##10 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##11 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##12 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##24 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##36 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##500 ##0 ( All versions < V ##2 . 16 . 0 ) . The uninstall - app App - name param et ##er in the web int er ##face of affected dev ice ##s is vulnerable to command inject ion due to mi ssi ng server sid e input sanitation . This could allow an authenticated privileged remote attacker to exec u ##te arbitrary code with root privileges . [SEP]
LIME (words)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0) RUGGEDCOM ROX MX5000RE (All versions < V2.16.0) RUGGEDCOM ROX RX1400 (All versions < V2.16.0) RUGGEDCOM ROX RX1500 (All versions < V2.16.0) RUGGEDCOM ROX RX1501 (All versions < V2.16.0) RUGGEDCOM ROX RX1510 (All versions < V2.16.0) RUGGEDCOM ROX RX1511 (All versions < V2.16.0) RUGGEDCOM ROX RX1512 (All versions < V2.16.0) RUGGEDCOM ROX RX1524 (All versions < V2.16.0) RUGGEDCOM ROX RX1536 (All versions < V2.16.0) RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
SHAP (words)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 ( All versions < V2. 16. 0) RUGGEDCOM ROX MX5000RE ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1400 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1500 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1501 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1510 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1511 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1512 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1524 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1536 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX5000 ( All versions < V2. 16. 0). The uninstall- app App- name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in RUGGEDCOM ROX MX 5000 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX MX 5000 RE ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##14 ##00 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##00 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##01 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##10 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##11 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##12 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##24 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##36 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##500 ##0 ( All versions < V ##2 . 16 . 0 ) . The uninstall - app App - name param et ##er in the web int er ##face of affected dev ice ##s is vulnerable to command inject ion due to mi ssi ng server sid e input sanitation . This could allow an authenticated privileged remote attacker to exec u ##te arbitrary code with root privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in RUGGEDCOM ROX MX 5000 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX MX 5000 RE ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##14 ##00 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##00 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##01 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##10 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##11 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##12 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##24 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##15 ##36 ( All versions < V ##2 . 16 . 0 ) RUGGEDCOM ROX R ##X ##500 ##0 ( All versions < V ##2 . 16 . 0 ) . The uninstall - app App - name param et ##er in the web int er ##face of affected dev ice ##s is vulnerable to command inject ion due to mi ssi ng server sid e input sanitation . This could allow an authenticated privileged remote attacker to exec u ##te arbitrary code with root privileges . [SEP]
LIME (words)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0) RUGGEDCOM ROX MX5000RE (All versions < V2.16.0) RUGGEDCOM ROX RX1400 (All versions < V2.16.0) RUGGEDCOM ROX RX1500 (All versions < V2.16.0) RUGGEDCOM ROX RX1501 (All versions < V2.16.0) RUGGEDCOM ROX RX1510 (All versions < V2.16.0) RUGGEDCOM ROX RX1511 (All versions < V2.16.0) RUGGEDCOM ROX RX1512 (All versions < V2.16.0) RUGGEDCOM ROX RX1524 (All versions < V2.16.0) RUGGEDCOM ROX RX1536 (All versions < V2.16.0) RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
SHAP (words)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 ( All versions < V2. 16. 0) RUGGEDCOM ROX MX5000RE ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1400 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1500 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1501 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1510 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1511 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1512 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1524 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX1536 ( All versions < V2. 16. 0) RUGGEDCOM ROX RX5000 ( All versions < V2. 16. 0). The uninstall- app App- name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges
#20 · cve_id CVE-2023-1570 · i
GT=NONE (0)
xlnet · Pred=HIGH (2) · p=0.94 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁which ▁was cla ssi fi ed ▁as ▁problematic ▁has ▁been ▁found ▁in s yo yo ▁tiny d ng . Affected ▁by ▁this ▁issue ▁is ▁the ▁function ▁_ _ inter cept or _ memcpy ▁of ▁the ▁file ▁tiny _ d ng _ loader . h . ▁The ▁manipulation ▁leads ▁to heap-based ▁buffer overflow . ▁Local ▁access ▁is ▁required ▁to ▁approach ▁this ▁attack . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁Con tin ious ▁delivery ▁with ▁rolling ▁releases ▁is ▁used ▁by ▁this ▁product . ▁Therefore ▁no ▁version ▁details ▁of ▁affected ▁nor ▁updated ▁releases ▁are ▁available . ▁It ▁is ▁recommended ▁to ▁apply ▁a ▁patch ▁to ▁fix ▁this ▁issue . ▁V DB - 22 35 62 ▁is ▁the identifier ▁a ssi gne d ▁to ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability which was classified as problematic has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB-223562 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability which was classified as problematic has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader. h. The manipulation leads to heap- based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB- 223562 is the identifier assigned to this vulnerability
lrp-bert · Pred=HIGH (2) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in s ##yo ##yo tiny ##dn ##g . Affected by this issue is the function _ _ int er ##ceptor _ memcpy of the file tiny _ d ##ng _ loader . h . The man ip ul ##ation leads to heap-based buffer overflow . Local access is required to approach this attack . The exploit has been disclose d to the public and may be used . Con ##tin ##ious delivery with rolling releases is used by this product . Therefore no version details of affected nor updated releases are available . It is recommended to apply a patch to fix this issue . V ##D ##B - 223 ##5 ##6 ##2 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in s ##yo ##yo tiny ##dn ##g . Affected by this issue is the function _ _ int er ##ceptor _ memcpy of the file tiny _ d ##ng _ loader . h . The man ip ul ##ation leads to heap-based buffer overflow . Local access is required to approach this attack . The exploit has been disclose d to the public and may be used . Con ##tin ##ious delivery with rolling releases is used by this product . Therefore no version details of affected nor updated releases are available . It is recommended to apply a patch to fix this issue . V ##D ##B - 223 ##5 ##6 ##2 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability which was classified as problematic has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB-223562 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability which was classified as problematic has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader. h. The manipulation leads to heap- based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB- 223562 is the identifier assigned to this vulnerability
lrp-distilbert · Pred=HIGH (2) · p=0.57 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in s ##yo ##yo tiny ##dn ##g . Affected by this issue is the function _ _ int er ##ceptor _ memcpy of the file tiny _ d ##ng _ loader . h . The man ip ul ##ation leads to heap-based buffer overflow . Local access is required to approach this attack . The exploit has been disclose d to the public and may be used . Con ##tin ##ious delivery with rolling releases is used by this product . Therefore no version details of affected nor updated releases are available . It is recommended to apply a patch to fix this issue . V ##D ##B - 223 ##5 ##6 ##2 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in s ##yo ##yo tiny ##dn ##g . Affected by this issue is the function _ _ int er ##ceptor _ memcpy of the file tiny _ d ##ng _ loader . h . The man ip ul ##ation leads to heap-based buffer overflow . Local access is required to approach this attack . The exploit has been disclose d to the public and may be used . Con ##tin ##ious delivery with rolling releases is used by this product . Therefore no version details of affected nor updated releases are available . It is recommended to apply a patch to fix this issue . V ##D ##B - 223 ##5 ##6 ##2 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability which was classified as problematic has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB-223562 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability which was classified as problematic has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader. h. The manipulation leads to heap- based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB- 223562 is the identifier assigned to this vulnerability
#21 · cve_id CVE-2022-30672 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Adobe InDesign ▁versions ▁16 . 4 . 2 ( and ▁earlier ) ▁and ▁17 . 3 ( and ▁earlier ) ▁are ▁affected ▁by ▁an out-of-bounds ▁read ▁vulnerability ▁that ▁could ▁lead ▁to ▁di sc los ure ▁of ▁sensitive ▁memory . ▁An ▁attacker ▁could ▁leverage ▁this ▁vulnerability ▁to ▁bypass mitigations ▁such ▁as ASLR . Exploitation ▁of ▁this ▁issue ▁requires ▁user ▁interaction ▁in ▁that ▁a ▁victim ▁must ▁open ▁a malicious ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Adobe InDesign versions 16. 4. 2 ( and earlier) and 17. 3 ( and earlier) are affected by an out- of- bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe InDesign versions 16 . 4 . 2 ( and earlier ) and 17 . 3 ( and earlier ) are affected by an out-of-bounds read vulnerability that could lead to di sc los ##ure of sensitive memory . An attacker could leverage this vulnerability to bypass mitigations such as ASLR . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe InDesign versions 16 . 4 . 2 ( and earlier ) and 17 . 3 ( and earlier ) are affected by an out-of-bounds read vulnerability that could lead to di sc los ##ure of sensitive memory . An attacker could leverage this vulnerability to bypass mitigations such as ASLR . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LIME (words)
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Adobe InDesign versions 16. 4. 2 ( and earlier) and 17. 3 ( and earlier) are affected by an out- of- bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe InDesign versions 16 . 4 . 2 ( and earlier ) and 17 . 3 ( and earlier ) are affected by an out-of-bounds read vulnerability that could lead to di sc los ##ure of sensitive memory . An attacker could leverage this vulnerability to bypass mitigations such as ASLR . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe InDesign versions 16 . 4 . 2 ( and earlier ) and 17 . 3 ( and earlier ) are affected by an out-of-bounds read vulnerability that could lead to di sc los ##ure of sensitive memory . An attacker could leverage this vulnerability to bypass mitigations such as ASLR . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LIME (words)
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Adobe InDesign versions 16. 4. 2 ( and earlier) and 17. 3 ( and earlier) are affected by an out- of- bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file
#22 · cve_id CVE-2022-47617 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Hit ron ▁CO DA - 53 10 ▁has hard-coded encrypt ion / decryption ▁keys ▁in ▁the ▁program ▁code . ▁A ▁remote ▁attacker authenticated ▁as ▁an admin ▁is t rator ▁can decrypt ▁system ▁files ▁using ▁the hard-coded ▁keys ▁for ▁file ▁access ▁modification ▁and ▁cause ▁service ▁disruption . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access modification and cause service disruption.
SHAP (words)
Hitron CODA- 5310 has hard- coded encryption/ decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard- coded keys for file access modification and cause service disruption
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Hit ##ron CO ##DA - 53 ##10 has hard-coded encrypt ion / decryption keys in the program code . A remote attacker authenticated as an admin is ##tra ##tor can decrypt system files using the hard-coded keys for file access mod if ##ica ##tion and cause service disruption . [SEP]
LRP (+Pred, pos-only)
[CLS] Hit ##ron CO ##DA - 53 ##10 has hard-coded encrypt ion / decryption keys in the program code . A remote attacker authenticated as an admin is ##tra ##tor can decrypt system files using the hard-coded keys for file access mod if ##ica ##tion and cause service disruption . [SEP]
LIME (words)
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access modification and cause service disruption.
SHAP (words)
Hitron CODA- 5310 has hard- coded encryption/ decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard- coded keys for file access modification and cause service disruption
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Hit ##ron CO ##DA - 53 ##10 has hard-coded encrypt ion / decryption keys in the program code . A remote attacker authenticated as an admin is ##tra ##tor can decrypt system files using the hard-coded keys for file access mod if ##ica ##tion and cause service disruption . [SEP]
LRP (+Pred, pos-only)
[CLS] Hit ##ron CO ##DA - 53 ##10 has hard-coded encrypt ion / decryption keys in the program code . A remote attacker authenticated as an admin is ##tra ##tor can decrypt system files using the hard-coded keys for file access mod if ##ica ##tion and cause service disruption . [SEP]
LIME (words)
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access modification and cause service disruption.
SHAP (words)
Hitron CODA- 5310 has hard- coded encryption/ decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard- coded keys for file access modification and cause service disruption
#23 · cve_id CVE-2020-7729 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁package ▁grunt ▁before ▁1 . 3 . 0 ▁are ▁vulnerable ▁to Arbitrary ▁Code Execution ▁due ▁to ▁the ▁default ▁usage ▁of ▁the ▁function ▁load ( ) ▁instead ▁of ▁its ▁secure ▁replacement ▁safe Load ( ) ▁of ▁the ▁package js - yam l ▁in sid e ▁grunt . file . read YAML . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
SHAP (words)
The package grunt before 1. 3. 0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js- yaml inside grunt. file. readYAML
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The package grunt before 1 . 3 . 0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load ( ) instead of its secure replacement safe Load ( ) of the package js - ya ##m ##l in sid e grunt . file . read YAML . [SEP]
LRP (+Pred, pos-only)
[CLS] The package grunt before 1 . 3 . 0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load ( ) instead of its secure replacement safe Load ( ) of the package js - ya ##m ##l in sid e grunt . file . read YAML . [SEP]
LIME (words)
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
SHAP (words)
The package grunt before 1. 3. 0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js- yaml inside grunt. file. readYAML
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] The package grunt before 1 . 3 . 0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load ( ) instead of its secure replacement safe Load ( ) of the package js - ya ##m ##l in sid e grunt . file . read YAML . [SEP]
LRP (+Pred, pos-only)
[CLS] The package grunt before 1 . 3 . 0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load ( ) instead of its secure replacement safe Load ( ) of the package js - ya ##m ##l in sid e grunt . file . read YAML . [SEP]
LIME (words)
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
SHAP (words)
The package grunt before 1. 3. 0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js- yaml inside grunt. file. readYAML
#24 · cve_id CVE-2022-22991 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
▁A malicious ▁user ▁on ▁the ▁same LAN ▁could ▁use DNS spoofing ▁followed ▁by ▁a ▁command inject ion ▁attack ▁to ▁trick ▁a ▁NAS ▁device ▁into ▁loading ▁through ▁an unsecured HTTP ▁call . Address ed ▁this ▁vulnerability ▁by disabling ▁checks ▁for ▁internet ▁connectivity ▁using HTTP . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
SHAP (words)
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] A malicious user on the same LAN could use DNS spoofing followed by a command inject ion attack to trick a NAS dev ice int o loading through an unsecured HTTP call . Address ed this vulnerability by disabling checks for int er ##net connectivity using HTTP . [SEP]
LRP (+Pred, pos-only)
[CLS] A malicious user on the same LAN could use DNS spoofing followed by a command inject ion attack to trick a NAS dev ice int o loading through an unsecured HTTP call . Address ed this vulnerability by disabling checks for int er ##net connectivity using HTTP . [SEP]
LIME (words)
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
SHAP (words)
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] A malicious user on the same LAN could use DNS spoofing followed by a command inject ion attack to trick a NAS dev ice int o loading through an unsecured HTTP call . Address ed this vulnerability by disabling checks for int er ##net connectivity using HTTP . [SEP]
LRP (+Pred, pos-only)
[CLS] A malicious user on the same LAN could use DNS spoofing followed by a command inject ion attack to trick a NAS dev ice int o loading through an unsecured HTTP call . Address ed this vulnerability by disabling checks for int er ##net connectivity using HTTP . [SEP]
LIME (words)
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
SHAP (words)
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP
#25 · cve_id CVE-2022-20959 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
IG (subwords)
▁A ▁vulnerability ▁in ▁the ▁External RESTful ▁Services ( ERS ) ▁API ▁of Cisco ▁Identity ▁Services ▁Engine ( ISE ) ▁Software ▁could ▁allow ▁an authenticated ▁remote ▁attacker ▁to ▁conduct ▁a cross-site scripting ( XSS ) ▁attack ▁against ▁a ▁user ▁of ▁the ▁interface ▁of ▁an ▁affected ▁device . ▁This ▁vulnerability ▁is ▁due ▁to ▁insufficient ▁input validation . ▁An ▁attacker ▁could ▁exploit ▁this ▁vulnerability ▁by persuading ▁an authenticated admin ▁is t rator ▁of ▁the web-based ▁man a gem ent ▁interface ▁to ▁click ▁a malicious ▁link . ▁A ▁successful ▁exploit ▁could ▁allow ▁the ▁attacker ▁to ▁execute ▁arbitrary sc ▁rip t ▁code ▁in ▁the ▁context ▁of ▁the ▁affected ▁interface ▁or ▁access ▁sensitive browser-based ▁in for matio n . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
SHAP (words)
A vulnerability in the External RESTful Services ( ERS) API of Cisco Identity Services Engine ( ISE) Software could allow an authenticated remote attacker to conduct a cross- site scripting ( XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web- based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser- based information
lrp-bert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] A vulnerability in the External RESTful Services ( ER ##S ) A PI of Cisco Identity Services Engine ( ISE ) Software could allow an authenticated remote attacker to conduct a cross-site scripting ( XSS ) attack against a user of the int er ##face of an affected dev ice . This vulnerability is due to insufficient input validation . An attacker could exploit this vulnerability by persuading an authenticated admin is ##tra ##tor of the web-based man ##a gem en ##t int er ##face to cli c ##k a malicious link . A successful exploit could allow the attacker to exec u ##te arbitrary sc r ip t code in the context of the affected int er ##face or access sensitive browser-based info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability in the External RESTful Services ( ER ##S ) A PI of Cisco Identity Services Engine ( ISE ) Software could allow an authenticated remote attacker to conduct a cross-site scripting ( XSS ) attack against a user of the int er ##face of an affected dev ice . This vulnerability is due to insufficient input validation . An attacker could exploit this vulnerability by persuading an authenticated admin is ##tra ##tor of the web-based man ##a gem en ##t int er ##face to cli c ##k a malicious link . A successful exploit could allow the attacker to exec u ##te arbitrary sc r ip t code in the context of the affected int er ##face or access sensitive browser-based info ##r matio n . [SEP]
LIME (words)
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
SHAP (words)
A vulnerability in the External RESTful Services ( ERS) API of Cisco Identity Services Engine ( ISE) Software could allow an authenticated remote attacker to conduct a cross- site scripting ( XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web- based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser- based information
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] A vulnerability in the External RESTful Services ( ER ##S ) A PI of Cisco Identity Services Engine ( ISE ) Software could allow an authenticated remote attacker to conduct a cross-site scripting ( XSS ) attack against a user of the int er ##face of an affected dev ice . This vulnerability is due to insufficient input validation . An attacker could exploit this vulnerability by persuading an authenticated admin is ##tra ##tor of the web-based man ##a gem en ##t int er ##face to cli c ##k a malicious link . A successful exploit could allow the attacker to exec u ##te arbitrary sc r ip t code in the context of the affected int er ##face or access sensitive browser-based info ##r matio n . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability in the External RESTful Services ( ER ##S ) A PI of Cisco Identity Services Engine ( ISE ) Software could allow an authenticated remote attacker to conduct a cross-site scripting ( XSS ) attack against a user of the int er ##face of an affected dev ice . This vulnerability is due to insufficient input validation . An attacker could exploit this vulnerability by persuading an authenticated admin is ##tra ##tor of the web-based man ##a gem en ##t int er ##face to cli c ##k a malicious link . A successful exploit could allow the attacker to exec u ##te arbitrary sc r ip t code in the context of the affected int er ##face or access sensitive browser-based info ##r matio n . [SEP]
LIME (words)
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
SHAP (words)
A vulnerability in the External RESTful Services ( ERS) API of Cisco Identity Services Engine ( ISE) Software could allow an authenticated remote attacker to conduct a cross- site scripting ( XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web- based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser- based information
#26 · cve_id CVE-2022-38664 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
IG (subwords)
▁Jenkins ▁Job Configuration ▁History Plugin ▁11 65 . v 8 cc 9 f d 1 f 45 97 ▁and ▁earlier ▁does ▁not e sc ▁a pe ▁the ▁job ▁name ▁on ▁the ▁System Configuration ▁History ▁page ▁resulting ▁in ▁a ▁stored cross-site scripting ( XSS ) ▁vulnerability exploitable ▁by ▁attackers ▁able ▁to configure ▁job ▁names . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
SHAP (words)
Jenkins Job Configuration History Plugin 1165. v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page resulting in a stored cross- site scripting ( XSS) vulnerability exploitable by attackers able to configure job names
lrp-bert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] Jenkins Job Configuration History Plugin 116 ##5 . v ##8 ##cc ##9 ##f ##d ##1 ##f ##45 ##9 ##7 and earlier does not e sc a ##pe the job name on the System Configuration History page resulting in a stored cross-site scripting ( XSS ) vulnerability exploitable by attackers able to configure job names . [SEP]
LRP (+Pred, pos-only)
[CLS] Jenkins Job Configuration History Plugin 116 ##5 . v ##8 ##cc ##9 ##f ##d ##1 ##f ##45 ##9 ##7 and earlier does not e sc a ##pe the job name on the System Configuration History page resulting in a stored cross-site scripting ( XSS ) vulnerability exploitable by attackers able to configure job names . [SEP]
LIME (words)
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
SHAP (words)
Jenkins Job Configuration History Plugin 1165. v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page resulting in a stored cross- site scripting ( XSS) vulnerability exploitable by attackers able to configure job names
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
IG (subwords)
[CLS] Jenkins Job Configuration History Plugin 116 ##5 . v ##8 ##cc ##9 ##f ##d ##1 ##f ##45 ##9 ##7 and earlier does not e sc a ##pe the job name on the System Configuration History page resulting in a stored cross-site scripting ( XSS ) vulnerability exploitable by attackers able to configure job names . [SEP]
LRP (+Pred, pos-only)
[CLS] Jenkins Job Configuration History Plugin 116 ##5 . v ##8 ##cc ##9 ##f ##d ##1 ##f ##45 ##9 ##7 and earlier does not e sc a ##pe the job name on the System Configuration History page resulting in a stored cross-site scripting ( XSS ) vulnerability exploitable by attackers able to configure job names . [SEP]
LIME (words)
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
SHAP (words)
Jenkins Job Configuration History Plugin 1165. v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page resulting in a stored cross- site scripting ( XSS) vulnerability exploitable by attackers able to configure job names
#27 · cve_id CVE-2022-24765 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.98 TP
IG (subwords)
Git ▁for ▁Windows ▁is ▁a ▁for k ▁of Git ▁containing ▁Windows - spec ific ▁patches . ▁This ▁vulnerability ▁affects ▁users ▁working ▁on ▁multi - user ▁machines ▁where untrusted ▁parties ▁have ▁write ▁access ▁to ▁the ▁same ▁hard ▁disk . ▁Those untrusted ▁parties ▁could ▁create ▁the ▁folder ▁` C : \ . git ` ▁which ▁would ▁be ▁picked ▁up ▁by Git ▁operations ▁run ▁supposedly ▁out sid e ▁a repository ▁while ▁searching ▁for ▁a Git ▁directory . Git ▁would ▁then re spec t ▁any config ▁in ▁said Git ▁directory . Git Bash ▁users ▁who ▁set ▁` G IT _ PS 1 _ S HO WD IR TY STAT E ` ▁are ▁vulnerable ▁as ▁well . User s ▁who ▁installed ▁po sh - git are ▁vulnerable ▁simply ▁by ▁starting ▁a PowerShell . User s ▁of IDE s ▁such ▁as ▁Visual ▁Studio ▁are ▁vulnerable : ▁simply ▁creating ▁a ▁new ▁project ▁would ▁already ▁read ▁and re spec t ▁the config spec ified ▁in ▁` C : \ . git \ config ` . User s ▁of ▁the ▁Microsoft ▁for k ▁of Git ▁are ▁vulnerable ▁simply ▁by ▁starting ▁a Git Bash . ▁The ▁problem ▁has ▁been patched ▁in Git ▁for ▁Windows ▁v 2 . 35 . 2 . User s ▁unable ▁to ▁upgrade ▁may ▁create ▁the ▁folder ▁` . git ` ▁on ▁all ▁drives ▁where Git ▁commands ▁are ▁run ▁and ▁remove ▁read / write ▁access ▁from ▁those folders ▁as ▁a workaround . ▁Alternatively ▁define ▁or ▁extend ▁` G IT _ CE IL ING _ D I REC TOR IES ` ▁to ▁cover ▁the ▁_ parent _ ▁directory ▁of ▁the ▁user ▁profile e . g . ▁` C : \ User s ` ▁if ▁the ▁user ▁profile ▁is ▁located ▁in ▁` C : \ User s \ my - user - name ` . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git` which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run and remove read/write access from those folders as a workaround. Alternatively define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
SHAP (words)
Git for Windows is a fork of Git containing Windows- specific patches. This vulnerability affects users working on multi- user machines where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder ` C:\. git` which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set ` GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh- gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in ` C:\. git\ config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2. 35. 2. Users unable to upgrade may create the folder `. git` on all drives where Git commands are run and remove read/ write access from those folders as a workaround. Alternatively define or extend ` GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile e. g. ` C:\ Users` if the user profile is located in ` C:\ Users\ my- user- name
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] Git for Windows is a fork of Git containing Windows - spec if ##ic patches . This vulnerability affects users working on multi - user machines where untrusted parties have w ##r ite access to the same hard disk . Those untrusted parties could create the folder ` C : \ . git ` which would be picked up by Git operations run supposedly out sid e a repository while searching for a Git directory . Git would then re spec t any config in said Git directory . Git Bash users who set ` G ##IT _ PS ##1 _ SH ##O WD IR T ##Y ##S TA T ##E ` are vulnerable as well . User s who installed p ##osh - git are vulnerable simply by s tar tin ##g a PowerShell . User s of IDE s such as Visual Studio are vulnerable : simply creating a new project would already read and re spec t the config spec if ##ied in ` C : \ . git \ config ` . User s of the Microsoft fork of Git are vulnerable simply by s tar tin ##g a Git Bash . The problem has been patched in Git for Windows v ##2 . 35 . 2 . User s unable to upgrade may create the folder ` . git ` on all drives where Git commands are run and remove read / w ##r ite access from those folders as a workaround . Alternatively define or extend ` G ##IT _ CE ##IL ##I NG _ D IR EC ##TO ##R IE S ` to cover the _ parent _ directory of the user profile e . g . ` C : \ User s ` if the user profile is located in ` C : \ User s \ my - user - name ` . [SEP]
LRP (+Pred, pos-only)
[CLS] Git for Windows is a fork of Git containing Windows - spec if ##ic patches . This vulnerability affects users working on multi - user machines where untrusted parties have w ##r ite access to the same hard disk . Those untrusted parties could create the folder ` C : \ . git ` which would be picked up by Git operations run supposedly out sid e a repository while searching for a Git directory . Git would then re spec t any config in said Git directory . Git Bash users who set ` G ##IT _ PS ##1 _ SH ##O WD IR T ##Y ##S TA T ##E ` are vulnerable as well . User s who installed p ##osh - git are vulnerable simply by s tar tin ##g a PowerShell . User s of IDE s such as Visual Studio are vulnerable : simply creating a new project would already read and re spec t the config spec if ##ied in ` C : \ . git \ config ` . User s of the Microsoft fork of Git are vulnerable simply by s tar tin ##g a Git Bash . The problem has been patched in Git for Windows v ##2 . 35 . 2 . User s unable to upgrade may create the folder ` . git ` on all drives where Git commands are run and remove read / w ##r ite access from those folders as a workaround . Alternatively define or extend ` G ##IT _ CE ##IL ##I NG _ D IR EC ##TO ##R IE S ` to cover the _ parent _ directory of the user profile e . g . ` C : \ User s ` if the user profile is located in ` C : \ User s \ my - user - name ` . [SEP]
LIME (words)
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git` which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run and remove read/write access from those folders as a workaround. Alternatively define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
SHAP (words)
Git for Windows is a fork of Git containing Windows- specific patches. This vulnerability affects users working on multi- user machines where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder ` C:\. git` which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set ` GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh- gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in ` C:\. git\ config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2. 35. 2. Users unable to upgrade may create the folder `. git` on all drives where Git commands are run and remove read/ write access from those folders as a workaround. Alternatively define or extend ` GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile e. g. ` C:\ Users` if the user profile is located in ` C:\ Users\ my- user- name
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] Git for Windows is a fork of Git containing Windows - spec if ##ic patches . This vulnerability affects users working on multi - user machines where untrusted parties have w ##r ite access to the same hard disk . Those untrusted parties could create the folder ` C : \ . git ` which would be picked up by Git operations run supposedly out sid e a repository while searching for a Git directory . Git would then re spec t any config in said Git directory . Git Bash users who set ` G ##IT _ PS ##1 _ SH ##O WD IR T ##Y ##S TA T ##E ` are vulnerable as well . User s who installed p ##osh - git are vulnerable simply by s tar tin ##g a PowerShell . User s of IDE s such as Visual Studio are vulnerable : simply creating a new project would already read and re spec t the config spec if ##ied in ` C : \ . git \ config ` . User s of the Microsoft fork of Git are vulnerable simply by s tar tin ##g a Git Bash . The problem has been patched in Git for Windows v ##2 . 35 . 2 . User s unable to upgrade may create the folder ` . git ` on all drives where Git commands are run and remove read / w ##r ite access from those folders as a workaround . Alternatively define or extend ` G ##IT _ CE ##IL ##I NG _ D IR EC ##TO ##R IE S ` to cover the _ parent _ directory of the user profile e . g . ` C : \ User s ` if the user profile is located in ` C : \ User s \ my - user - name ` . [SEP]
LRP (+Pred, pos-only)
[CLS] Git for Windows is a fork of Git containing Windows - spec if ##ic patches . This vulnerability affects users working on multi - user machines where untrusted parties have w ##r ite access to the same hard disk . Those untrusted parties could create the folder ` C : \ . git ` which would be picked up by Git operations run supposedly out sid e a repository while searching for a Git directory . Git would then re spec t any config in said Git directory . Git Bash users who set ` G ##IT _ PS ##1 _ SH ##O WD IR T ##Y ##S TA T ##E ` are vulnerable as well . User s who installed p ##osh - git are vulnerable simply by s tar tin ##g a PowerShell . User s of IDE s such as Visual Studio are vulnerable : simply creating a new project would already read and re spec t the config spec if ##ied in ` C : \ . git \ config ` . User s of the Microsoft fork of Git are vulnerable simply by s tar tin ##g a Git Bash . The problem has been patched in Git for Windows v ##2 . 35 . 2 . User s unable to upgrade may create the folder ` . git ` on all drives where Git commands are run and remove read / w ##r ite access from those folders as a workaround . Alternatively define or extend ` G ##IT _ CE ##IL ##I NG _ D IR EC ##TO ##R IE S ` to cover the _ parent _ directory of the user profile e . g . ` C : \ User s ` if the user profile is located in ` C : \ User s \ my - user - name ` . [SEP]
LIME (words)
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git` which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run and remove read/write access from those folders as a workaround. Alternatively define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
SHAP (words)
Git for Windows is a fork of Git containing Windows- specific patches. This vulnerability affects users working on multi- user machines where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder ` C:\. git` which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set ` GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh- gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in ` C:\. git\ config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2. 35. 2. Users unable to upgrade may create the folder `. git` on all drives where Git commands are run and remove read/ write access from those folders as a workaround. Alternatively define or extend ` GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile e. g. ` C:\ Users` if the user profile is located in ` C:\ Users\ my- user- name
#28 · cve_id CVE-2022-46316 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁A ▁thread ▁security ▁vulnerability ▁exists ▁in ▁the authentication ▁process . Successful ▁exploitation ▁of ▁this ▁vulnerability ▁may ▁affect ▁data ▁integrity confidentiality ▁and ▁availability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity confidentiality and availability.
SHAP (words)
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity confidentiality and availability
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] A thread se ##c uri t ##y vulnerability exists in the authentication process . Successful exploitation of this vulnerability may affect data int e ##g ##rity confidentiality and availability . [SEP]
LRP (+Pred, pos-only)
[CLS] A thread se ##c uri t ##y vulnerability exists in the authentication process . Successful exploitation of this vulnerability may affect data int e ##g ##rity confidentiality and availability . [SEP]
LIME (words)
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity confidentiality and availability.
SHAP (words)
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity confidentiality and availability
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A thread se ##c uri t ##y vulnerability exists in the authentication process . Successful exploitation of this vulnerability may affect data int e ##g ##rity confidentiality and availability . [SEP]
LRP (+Pred, pos-only)
[CLS] A thread se ##c uri t ##y vulnerability exists in the authentication process . Successful exploitation of this vulnerability may affect data int e ##g ##rity confidentiality and availability . [SEP]
LIME (words)
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity confidentiality and availability.
SHAP (words)
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity confidentiality and availability
#29 · cve_id CVE-2019-16932 · i
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.90 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁blind SSRF ▁vulnerability ▁exists ▁in ▁the ▁Visual izer plugin ▁before ▁3 . 3 . 1 ▁for WordPress ▁via w p - js ▁on / visual izer / v 1/ upload - data . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
SHAP (words)
A blind SSRF vulnerability exists in the Visualizer plugin before 3. 3. 1 for WordPress via wp- json/ visualizer/ v1/ upload- data
lrp-bert · Pred=NONE (0) · p=0.62 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A blind SSRF vulnerability exists in the Visual ##izer plugin before 3 . 3 . 1 for WordPress via w ##p - js on / visual ##izer / v ##1 / upload - data . [SEP]
LRP (+Pred, pos-only)
[CLS] A blind SSRF vulnerability exists in the Visual ##izer plugin before 3 . 3 . 1 for WordPress via w ##p - js on / visual ##izer / v ##1 / upload - data . [SEP]
LIME (words)
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
SHAP (words)
A blind SSRF vulnerability exists in the Visualizer plugin before 3. 3. 1 for WordPress via wp- json/ visualizer/ v1/ upload- data
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A blind SSRF vulnerability exists in the Visual ##izer plugin before 3 . 3 . 1 for WordPress via w ##p - js on / visual ##izer / v ##1 / upload - data . [SEP]
LRP (+Pred, pos-only)
[CLS] A blind SSRF vulnerability exists in the Visual ##izer plugin before 3 . 3 . 1 for WordPress via w ##p - js on / visual ##izer / v ##1 / upload - data . [SEP]
LIME (words)
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
SHAP (words)
A blind SSRF vulnerability exists in the Visualizer plugin before 3. 3. 1 for WordPress via wp- json/ visualizer/ v1/ upload- data
#30 · cve_id CVE-2021-21751 · i
GT=HIGH (2)
xlnet · Pred=LOW (1) · p=0.56 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
ZTE ▁Big Video ▁analysis ▁product ▁has ▁an ▁input verification ▁vulnerability . ▁Due ▁to ▁the inconsistency ▁between ▁the ▁front ▁and ▁back verification s ▁when configuring ▁the ▁large sc re en ▁page ▁an ▁attacker ▁with ▁high ▁privileges ▁could ▁exploit ▁this ▁vulnerability ▁to tamper ▁with ▁the URL ▁and ▁cause ▁service ▁exception . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
SHAP (words)
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception
lrp-bert · Pred=HIGH (2) · p=0.94 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ZTE Big ##V ##ide ##o analysis product has an input verification vulnerability . Due to the inconsistency between the front and back verification s when configuring the large sc re ##en page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception . [SEP]
LRP (+Pred, pos-only)
[CLS] ZTE Big ##V ##ide ##o analysis product has an input verification vulnerability . Due to the inconsistency between the front and back verification s when configuring the large sc re ##en page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception . [SEP]
LIME (words)
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
SHAP (words)
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ZTE Big ##V ##ide ##o analysis product has an input verification vulnerability . Due to the inconsistency between the front and back verification s when configuring the large sc re ##en page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception . [SEP]
LRP (+Pred, pos-only)
[CLS] ZTE Big ##V ##ide ##o analysis product has an input verification vulnerability . Due to the inconsistency between the front and back verification s when configuring the large sc re ##en page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception . [SEP]
LIME (words)
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
SHAP (words)
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception
#31 · cve_id CVE-2022-30489 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
WAV LIN K ▁W N 5 35 ▁G 3 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a cross-site scripting ( XSS ) ▁vulnerability ▁via ▁the hostname param eter ▁at / c gi - bin / login . c gi . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
SHAP (words)
WAVLINK WN535 G3 was discovered to contain a cross- site scripting ( XSS) vulnerability via the hostname parameter at / cgi- bin/ login. cgi
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] WAV L ##IN ##K W ##N ##53 ##5 G ##3 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability via the hostname param et ##er at / c ##gi - bin / login . c ##gi . [SEP]
LRP (+Pred, pos-only)
[CLS] WAV L ##IN ##K W ##N ##53 ##5 G ##3 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability via the hostname param et ##er at / c ##gi - bin / login . c ##gi . [SEP]
LIME (words)
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
SHAP (words)
WAVLINK WN535 G3 was discovered to contain a cross- site scripting ( XSS) vulnerability via the hostname parameter at / cgi- bin/ login. cgi
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] WAV L ##IN ##K W ##N ##53 ##5 G ##3 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability via the hostname param et ##er at / c ##gi - bin / login . c ##gi . [SEP]
LRP (+Pred, pos-only)
[CLS] WAV L ##IN ##K W ##N ##53 ##5 G ##3 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability via the hostname param et ##er at / c ##gi - bin / login . c ##gi . [SEP]
LIME (words)
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
SHAP (words)
WAVLINK WN535 G3 was discovered to contain a cross- site scripting ( XSS) vulnerability via the hostname parameter at / cgi- bin/ login. cgi
#32 · cve_id CVE-2023-39987 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Auth . ( admin ▁+ ) Stored Cross-Site Scripting ( XSS ) ▁vulnerability ▁in ▁A jay ▁Lu lia w Secure Lite plugin ▁< = ▁2 . 5 ▁versions . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions.
SHAP (words)
Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Ajay Lulia wSecure Lite plugin <=  2. 5 versions
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in A ##jay Lu ##lia w Secure Lite plugin < = 2 . 5 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in A ##jay Lu ##lia w Secure Lite plugin < = 2 . 5 versions . [SEP]
LIME (words)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions.
SHAP (words)
Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Ajay Lulia wSecure Lite plugin <=  2. 5 versions
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in A ##jay Lu ##lia w Secure Lite plugin < = 2 . 5 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in A ##jay Lu ##lia w Secure Lite plugin < = 2 . 5 versions . [SEP]
LIME (words)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions.
SHAP (words)
Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Ajay Lulia wSecure Lite plugin <=  2. 5 versions
#33 · cve_id CVE-2023-1763 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Canon ▁I J ▁Network Tool / Ver . 4 . 7 . 5 ▁and ▁earlier ( supported ▁OS : ▁OS ▁X ▁10 . 9 . 5 - macOS ▁13 ) ▁I J ▁Network Tool / Ver . 4 . 7 . 3 ▁and ▁earlier ( supported ▁OS : ▁OS ▁X ▁10 . 7 . 5 - OS ▁X ▁10 . 8 ) ▁allows ▁an ▁attacker ▁to ▁acquire ▁sensitive ▁in for matio n ▁on ▁the Wi-Fi ▁connection ▁setup ▁of ▁the ▁printer ▁from ▁the ▁software . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13) IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software.
SHAP (words)
Canon IJ Network Tool/ Ver. 4. 7. 5 and earlier ( supported OS: OS X 10. 9. 5- macOS 13) IJ Network Tool/ Ver. 4. 7. 3 and earlier ( supported OS: OS X 10. 7. 5- OS X 10. 8) allows an attacker to acquire sensitive information on the Wi- Fi connection setup of the printer from the software
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Canon I ##J Network Tool / Ver . 4 . 7 . 5 and earlier ( supported OS : OS X 10 . 9 . 5 - macOS 13 ) I ##J Network Tool / Ver . 4 . 7 . 3 and earlier ( supported OS : OS X 10 . 7 . 5 - OS X 10 . 8 ) allows an attacker to acquire sensitive info ##r matio n on the Wi-Fi connection setup of the p ##r int er from the software . [SEP]
LRP (+Pred, pos-only)
[CLS] Canon I ##J Network Tool / Ver . 4 . 7 . 5 and earlier ( supported OS : OS X 10 . 9 . 5 - macOS 13 ) I ##J Network Tool / Ver . 4 . 7 . 3 and earlier ( supported OS : OS X 10 . 7 . 5 - OS X 10 . 8 ) allows an attacker to acquire sensitive info ##r matio n on the Wi-Fi connection setup of the p ##r int er from the software . [SEP]
LIME (words)
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13) IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software.
SHAP (words)
Canon IJ Network Tool/ Ver. 4. 7. 5 and earlier ( supported OS: OS X 10. 9. 5- macOS 13) IJ Network Tool/ Ver. 4. 7. 3 and earlier ( supported OS: OS X 10. 7. 5- OS X 10. 8) allows an attacker to acquire sensitive information on the Wi- Fi connection setup of the printer from the software
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Canon I ##J Network Tool / Ver . 4 . 7 . 5 and earlier ( supported OS : OS X 10 . 9 . 5 - macOS 13 ) I ##J Network Tool / Ver . 4 . 7 . 3 and earlier ( supported OS : OS X 10 . 7 . 5 - OS X 10 . 8 ) allows an attacker to acquire sensitive info ##r matio n on the Wi-Fi connection setup of the p ##r int er from the software . [SEP]
LRP (+Pred, pos-only)
[CLS] Canon I ##J Network Tool / Ver . 4 . 7 . 5 and earlier ( supported OS : OS X 10 . 9 . 5 - macOS 13 ) I ##J Network Tool / Ver . 4 . 7 . 3 and earlier ( supported OS : OS X 10 . 7 . 5 - OS X 10 . 8 ) allows an attacker to acquire sensitive info ##r matio n on the Wi-Fi connection setup of the p ##r int er from the software . [SEP]
LIME (words)
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13) IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software.
SHAP (words)
Canon IJ Network Tool/ Ver. 4. 7. 5 and earlier ( supported OS: OS X 10. 9. 5- macOS 13) IJ Network Tool/ Ver. 4. 7. 3 and earlier ( supported OS: OS X 10. 7. 5- OS X 10. 8) allows an attacker to acquire sensitive information on the Wi- Fi connection setup of the printer from the software
#34 · cve_id CVE-2022-24588 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Flat press ▁v 1 . 2 . 1 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a cross-site scripting ( XSS ) ▁vulnerability ▁in ▁the Upload SVG ▁File ▁function . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
SHAP (words)
Flatpress v1. 2. 1 was discovered to contain a cross- site scripting ( XSS) vulnerability in the Upload SVG File function
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Flat ##press v ##1 . 2 . 1 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability in the Upload SVG File function . [SEP]
LRP (+Pred, pos-only)
[CLS] Flat ##press v ##1 . 2 . 1 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability in the Upload SVG File function . [SEP]
LIME (words)
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
SHAP (words)
Flatpress v1. 2. 1 was discovered to contain a cross- site scripting ( XSS) vulnerability in the Upload SVG File function
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Flat ##press v ##1 . 2 . 1 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability in the Upload SVG File function . [SEP]
LRP (+Pred, pos-only)
[CLS] Flat ##press v ##1 . 2 . 1 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability in the Upload SVG File function . [SEP]
LIME (words)
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
SHAP (words)
Flatpress v1. 2. 1 was discovered to contain a cross- site scripting ( XSS) vulnerability in the Upload SVG File function
#35 · cve_id CVE-2019-8119 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁remote ▁code ▁execution ▁vulnerability ▁exists ▁in Magento ▁2 . 1 ▁prior ▁to ▁2 . 1 . 19 Magento ▁2 . 2 ▁prior ▁to ▁2 . 2 . 10 Magento ▁2 . 3 ▁prior ▁to ▁2 . 3 . 3 . ▁An authenticated admin ▁user ▁with ▁import ▁product ▁privileges ▁can delete ▁files ▁through ▁bulk ▁product ▁import ▁and inject ▁code ▁into XSLT ▁file . ▁The ▁combination ▁of ▁these manipulations ▁can ▁lead ▁to ▁remote ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19 Magento 2.2 prior to 2.2.10 Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution.
SHAP (words)
A remote code execution vulnerability exists in Magento 2. 1 prior to 2. 1. 19 Magento 2. 2 prior to 2. 2. 10 Magento 2. 3 prior to 2. 3. 3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A remote code exec u ##tion vulnerability exists in Magento 2 . 1 prior to 2 . 1 . 19 Magento 2 . 2 prior to 2 . 2 . 10 Magento 2 . 3 prior to 2 . 3 . 3 . An authenticated admin user with import product privileges can delete files through bulk product import and inject code int o XSLT file . The combination of these manipulations can lead to remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] A remote code exec u ##tion vulnerability exists in Magento 2 . 1 prior to 2 . 1 . 19 Magento 2 . 2 prior to 2 . 2 . 10 Magento 2 . 3 prior to 2 . 3 . 3 . An authenticated admin user with import product privileges can delete files through bulk product import and inject code int o XSLT file . The combination of these manipulations can lead to remote code exec u ##tion . [SEP]
LIME (words)
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19 Magento 2.2 prior to 2.2.10 Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution.
SHAP (words)
A remote code execution vulnerability exists in Magento 2. 1 prior to 2. 1. 19 Magento 2. 2 prior to 2. 2. 10 Magento 2. 3 prior to 2. 3. 3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A remote code exec u ##tion vulnerability exists in Magento 2 . 1 prior to 2 . 1 . 19 Magento 2 . 2 prior to 2 . 2 . 10 Magento 2 . 3 prior to 2 . 3 . 3 . An authenticated admin user with import product privileges can delete files through bulk product import and inject code int o XSLT file . The combination of these manipulations can lead to remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)
[CLS] A remote code exec u ##tion vulnerability exists in Magento 2 . 1 prior to 2 . 1 . 19 Magento 2 . 2 prior to 2 . 2 . 10 Magento 2 . 3 prior to 2 . 3 . 3 . An authenticated admin user with import product privileges can delete files through bulk product import and inject code int o XSLT file . The combination of these manipulations can lead to remote code exec u ##tion . [SEP]
LIME (words)
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19 Magento 2.2 prior to 2.2.10 Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution.
SHAP (words)
A remote code execution vulnerability exists in Magento 2. 1 prior to 2. 1. 19 Magento 2. 2 prior to 2. 2. 10 Magento 2. 3 prior to 2. 3. 3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution
#36 · cve_id CVE-2021-46481 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Jsish ▁v 3 . 5 . 0 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁memory ▁leak ▁via ▁line no ise ▁at src / line no ise . c . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.
SHAP (words)
Jsish v3. 5. 0 was discovered to contain a memory leak via linenoise at src/ linenoise. c
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Jsish v ##3 . 5 . 0 was di sc over ##ed to contain a memory leak via linen ##oise at src / linen ##oise . c . [SEP]
LRP (+Pred, pos-only)
[CLS] Jsish v ##3 . 5 . 0 was di sc over ##ed to contain a memory leak via linen ##oise at src / linen ##oise . c . [SEP]
LIME (words)
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.
SHAP (words)
Jsish v3. 5. 0 was discovered to contain a memory leak via linenoise at src/ linenoise. c
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Jsish v ##3 . 5 . 0 was di sc over ##ed to contain a memory leak via linen ##oise at src / linen ##oise . c . [SEP]
LRP (+Pred, pos-only)
[CLS] Jsish v ##3 . 5 . 0 was di sc over ##ed to contain a memory leak via linen ##oise at src / linen ##oise . c . [SEP]
LIME (words)
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.
SHAP (words)
Jsish v3. 5. 0 was discovered to contain a memory leak via linenoise at src/ linenoise. c
#37 · cve_id CVE-2021-35073 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Possible ▁assertion ▁due ▁to improper validation ▁of ▁rank ▁restriction ▁field ▁in Snapdragon ▁Auto Snapdragon Compute Snapdragon Connectivity Snapdragon ▁Industrial IOT Snapdragon ▁Mobile <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile
SHAP (words)
Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile [SEP]
LRP (+Pred, pos-only)
[CLS] Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile [SEP]
LIME (words)
Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile
SHAP (words)
Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile [SEP]
LRP (+Pred, pos-only)
[CLS] Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile [SEP]
LIME (words)
Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile
SHAP (words)
Possible assertion due to improper validation of rank restriction field in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Industrial IOT Snapdragon Mobile
#38 · cve_id CVE-2020-0492 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁Bit stream Fi ll Cache ▁of ▁bit stream . c pp ▁there ▁is ▁a ▁po ssi ble ▁out ▁of ▁bound s ▁read ▁due ▁to ▁a ▁heap ▁buffer overflow . ▁This ▁could ▁lead ▁to ▁remote ▁in for matio n ▁di sc los ure ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁needed ▁for ▁exploitation . Pro duct : ▁Android Versions : ▁Android - 11 And roid ▁ID : ▁A - 15 40 58 264 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In BitstreamFillCache of bitstream.cpp there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154058264
SHAP (words)
In BitstreamFillCache of bitstream. cpp there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 154058264
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Bit ##stream ##F ##ill Cache of bits ##tre ##am . c ##pp there is a p ##o ssi b ##le out of bounds read due to a heap buffer overflow . This could lead to remote info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 154 ##0 ##5 ##8 ##26 ##4 [SEP]
LRP (+Pred, pos-only)
[CLS] In Bit ##stream ##F ##ill Cache of bits ##tre ##am . c ##pp there is a p ##o ssi b ##le out of bounds read due to a heap buffer overflow . This could lead to remote info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 154 ##0 ##5 ##8 ##26 ##4 [SEP]
LIME (words)
In BitstreamFillCache of bitstream.cpp there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154058264
SHAP (words)
In BitstreamFillCache of bitstream. cpp there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 154058264
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Bit ##stream ##F ##ill Cache of bits ##tre ##am . c ##pp there is a p ##o ssi b ##le out of bounds read due to a heap buffer overflow . This could lead to remote info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 154 ##0 ##5 ##8 ##26 ##4 [SEP]
LRP (+Pred, pos-only)
[CLS] In Bit ##stream ##F ##ill Cache of bits ##tre ##am . c ##pp there is a p ##o ssi b ##le out of bounds read due to a heap buffer overflow . This could lead to remote info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is needed for exploitation . Product : Android Versions : Android - 11 ##A ##nd ##roid ID : A - 154 ##0 ##5 ##8 ##26 ##4 [SEP]
LIME (words)
In BitstreamFillCache of bitstream.cpp there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154058264
SHAP (words)
In BitstreamFillCache of bitstream. cpp there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android- 11Android ID: A- 154058264
#39 · cve_id CVE-2023-1456 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁which ▁was cla ssi fi ed ▁as ▁critical ▁has ▁been ▁found ▁in Ubiquiti ▁Edge Router ▁X ▁2 . 0 . 9 - hotfix . 6 . ▁This ▁issue ▁affects ▁some ▁unknown ▁pro ce ssi ng ▁of ▁the ▁component NAT Configuration Handler . ▁The ▁manipulation ▁leads ▁to ▁command inject ion . ▁The ▁attack ▁may ▁be init iated ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁The ▁real ▁existence ▁of ▁this ▁vulnerability ▁is ▁still ▁doubted ▁at ▁the ▁moment . ▁The identifier ▁V DB - 22 330 1 ▁was ▁a ssi gne d ▁to ▁this ▁vulnerability . NOT ▁E : ▁The ▁vendor ▁position ▁is ▁that post-authentication ▁issues ▁are ▁not ▁accepted ▁as vulnerabilities . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability which was classified as critical has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
SHAP (words)
A vulnerability which was classified as critical has been found in Ubiquiti EdgeRouter X 2. 0. 9- hotfix. 6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB- 223301 was assigned to this vulnerability. NOTE: The vendor position is that post- authentication issues are not accepted as vulnerabilities
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical has been found in Ubiquiti Edge Router X 2 . 0 . 9 - hotfix . 6 . This issue affects some unknown pro ##ce ssi ng of the component NAT Configuration Handler . The man ip ul ##ation leads to command inject ion . The attack may be init i ##ated remotely . The exploit has been disclose d to the public and may be used . The real existence of this vulnerability is still doubted at the moment . The identifier V ##D ##B - 223 ##30 ##1 was a ssi g ##ned to this vulnerability . NOT E : The vendor position is that post-authentication issues are not accepted as vulnerabilities . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical has been found in Ubiquiti Edge Router X 2 . 0 . 9 - hotfix . 6 . This issue affects some unknown pro ##ce ssi ng of the component NAT Configuration Handler . The man ip ul ##ation leads to command inject ion . The attack may be init i ##ated remotely . The exploit has been disclose d to the public and may be used . The real existence of this vulnerability is still doubted at the moment . The identifier V ##D ##B - 223 ##30 ##1 was a ssi g ##ned to this vulnerability . NOT E : The vendor position is that post-authentication issues are not accepted as vulnerabilities . [SEP]
LIME (words)
A vulnerability which was classified as critical has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
SHAP (words)
A vulnerability which was classified as critical has been found in Ubiquiti EdgeRouter X 2. 0. 9- hotfix. 6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB- 223301 was assigned to this vulnerability. NOTE: The vendor position is that post- authentication issues are not accepted as vulnerabilities
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical has been found in Ubiquiti Edge Router X 2 . 0 . 9 - hotfix . 6 . This issue affects some unknown pro ##ce ssi ng of the component NAT Configuration Handler . The man ip ul ##ation leads to command inject ion . The attack may be init i ##ated remotely . The exploit has been disclose d to the public and may be used . The real existence of this vulnerability is still doubted at the moment . The identifier V ##D ##B - 223 ##30 ##1 was a ssi g ##ned to this vulnerability . NOT E : The vendor position is that post-authentication issues are not accepted as vulnerabilities . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability which was c ##la ssi fi ##ed as critical has been found in Ubiquiti Edge Router X 2 . 0 . 9 - hotfix . 6 . This issue affects some unknown pro ##ce ssi ng of the component NAT Configuration Handler . The man ip ul ##ation leads to command inject ion . The attack may be init i ##ated remotely . The exploit has been disclose d to the public and may be used . The real existence of this vulnerability is still doubted at the moment . The identifier V ##D ##B - 223 ##30 ##1 was a ssi g ##ned to this vulnerability . NOT E : The vendor position is that post-authentication issues are not accepted as vulnerabilities . [SEP]
LIME (words)
A vulnerability which was classified as critical has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.
SHAP (words)
A vulnerability which was classified as critical has been found in Ubiquiti EdgeRouter X 2. 0. 9- hotfix. 6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB- 223301 was assigned to this vulnerability. NOTE: The vendor position is that post- authentication issues are not accepted as vulnerabilities
#40 · cve_id CVE-2022-30387 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Merc hand ise ▁Online ▁Store ▁v 1 . 0 ▁is ▁vulnerable ▁to SQL Injection ▁via / v logger s _ mer ch / class es / Master . php ? f = pay _ order . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
SHAP (words)
Merchandise Online Store v1. 0 is vulnerable to SQL Injection via / vloggers_merch/ classes/ Master. php? f= pay_order
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Me ##rch ##and ##ise Online Store v ##1 . 0 is vulnerable to SQL Injection via / v logger s _ me ##rch / classes / Master . php ? f = pay _ order . [SEP]
LRP (+Pred, pos-only)
[CLS] Me ##rch ##and ##ise Online Store v ##1 . 0 is vulnerable to SQL Injection via / v logger s _ me ##rch / classes / Master . php ? f = pay _ order . [SEP]
LIME (words)
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
SHAP (words)
Merchandise Online Store v1. 0 is vulnerable to SQL Injection via / vloggers_merch/ classes/ Master. php? f= pay_order
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Me ##rch ##and ##ise Online Store v ##1 . 0 is vulnerable to SQL Injection via / v logger s _ me ##rch / classes / Master . php ? f = pay _ order . [SEP]
LRP (+Pred, pos-only)
[CLS] Me ##rch ##and ##ise Online Store v ##1 . 0 is vulnerable to SQL Injection via / v logger s _ me ##rch / classes / Master . php ? f = pay _ order . [SEP]
LIME (words)
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
SHAP (words)
Merchandise Online Store v1. 0 is vulnerable to SQL Injection via / vloggers_merch/ classes/ Master. php? f= pay_order
#41 · cve_id CVE-2020-26987 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in ▁J T 2 Go ( All ▁versions ▁< ▁V 13 . 1 . 0 ) Teamcenter Visualization ( All ▁versions ▁< ▁V 13 . 1 . 0 ) . Affected ▁applications ▁lack ▁proper validation ▁of user-supplied ▁data ▁when parsing ▁of TGA ▁files . ▁This ▁could ▁lead ▁to ▁a heap-based ▁buffer overflow . ▁An ▁attacker ▁could ▁leverage ▁this ▁vulnerability ▁to ▁execute ▁code ▁in ▁the ▁context ▁of ▁the ▁current ▁process . ( Z D I - CAN - 1 2016 ▁Z D I - CAN - 1 2017 ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in JT2Go (All versions < V13.1.0) Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016 ZDI-CAN-12017)
SHAP (words)
A vulnerability has been identified in JT2Go ( All versions < V13. 1. 0) Teamcenter Visualization ( All versions < V13. 1. 0). Affected applications lack proper validation of user- supplied data when parsing of TGA files. This could lead to a heap- based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 12016 ZDI- CAN- 12017
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in J ##T ##2 ##G ##o ( All versions < V ##13 . 1 . 0 ) Teamcenter Visualization ( All versions < V ##13 . 1 . 0 ) . Affected applications lack proper validation of user-supplied data when parsing of TGA files . This could lead to a heap-based buffer overflow . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 120 ##16 Z ##DI - CAN - 120 ##17 ) [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in J ##T ##2 ##G ##o ( All versions < V ##13 . 1 . 0 ) Teamcenter Visualization ( All versions < V ##13 . 1 . 0 ) . Affected applications lack proper validation of user-supplied data when parsing of TGA files . This could lead to a heap-based buffer overflow . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 120 ##16 Z ##DI - CAN - 120 ##17 ) [SEP]
LIME (words)
A vulnerability has been identified in JT2Go (All versions < V13.1.0) Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016 ZDI-CAN-12017)
SHAP (words)
A vulnerability has been identified in JT2Go ( All versions < V13. 1. 0) Teamcenter Visualization ( All versions < V13. 1. 0). Affected applications lack proper validation of user- supplied data when parsing of TGA files. This could lead to a heap- based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 12016 ZDI- CAN- 12017
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in J ##T ##2 ##G ##o ( All versions < V ##13 . 1 . 0 ) Teamcenter Visualization ( All versions < V ##13 . 1 . 0 ) . Affected applications lack proper validation of user-supplied data when parsing of TGA files . This could lead to a heap-based buffer overflow . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 120 ##16 Z ##DI - CAN - 120 ##17 ) [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in J ##T ##2 ##G ##o ( All versions < V ##13 . 1 . 0 ) Teamcenter Visualization ( All versions < V ##13 . 1 . 0 ) . Affected applications lack proper validation of user-supplied data when parsing of TGA files . This could lead to a heap-based buffer overflow . An attacker could leverage this vulnerability to exec u ##te code in the context of the current process . ( Z ##DI - CAN - 120 ##16 Z ##DI - CAN - 120 ##17 ) [SEP]
LIME (words)
A vulnerability has been identified in JT2Go (All versions < V13.1.0) Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016 ZDI-CAN-12017)
SHAP (words)
A vulnerability has been identified in JT2Go ( All versions < V13. 1. 0) Teamcenter Visualization ( All versions < V13. 1. 0). Affected applications lack proper validation of user- supplied data when parsing of TGA files. This could lead to a heap- based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. ( ZDI- CAN- 12016 ZDI- CAN- 12017
#42 · cve_id CVE-2023-23135 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁arbitrary ▁file upload ▁vulnerability ▁in ▁F t d m s ▁v 3 . 1 . 6 ▁allows ▁attackers ▁to ▁execute ▁arbitrary ▁code ▁via uploading ▁a ▁crafted ▁J PG ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.
SHAP (words)
An arbitrary file upload vulnerability in Ftdms v3. 1. 6 allows attackers to execute arbitrary code via uploading a crafted JPG file
lrp-bert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An arbitrary file upload vulnerability in F ##t ##d ##ms v ##3 . 1 . 6 allows attackers to exec u ##te arbitrary code via uploading a crafted JP ##G file . [SEP]
LRP (+Pred, pos-only)
[CLS] An arbitrary file upload vulnerability in F ##t ##d ##ms v ##3 . 1 . 6 allows attackers to exec u ##te arbitrary code via uploading a crafted JP ##G file . [SEP]
LIME (words)
An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.
SHAP (words)
An arbitrary file upload vulnerability in Ftdms v3. 1. 6 allows attackers to execute arbitrary code via uploading a crafted JPG file
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An arbitrary file upload vulnerability in F ##t ##d ##ms v ##3 . 1 . 6 allows attackers to exec u ##te arbitrary code via uploading a crafted JP ##G file . [SEP]
LRP (+Pred, pos-only)
[CLS] An arbitrary file upload vulnerability in F ##t ##d ##ms v ##3 . 1 . 6 allows attackers to exec u ##te arbitrary code via uploading a crafted JP ##G file . [SEP]
LIME (words)
An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.
SHAP (words)
An arbitrary file upload vulnerability in Ftdms v3. 1. 6 allows attackers to execute arbitrary code via uploading a crafted JPG file
#43 · cve_id CVE-2023-2347 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.95 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁was ▁found ▁in SourceCodester ▁Service Provider Manage ment ▁System ▁1 . 0 . ▁It ▁has ▁been ▁declared ▁as ▁critical . ▁This ▁vulnerability ▁affects ▁unknown ▁code ▁of ▁the ▁file / admin / service s / man age _ service . php . ▁The ▁manipulation ▁of ▁the ▁argument id ▁leads ▁to sql inject ion . ▁The ▁attack ▁can ▁be init iated ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁V DB - 22 75 90 ▁is ▁the identifier ▁a ssi gne d ▁to ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in SourceCodester Service Provider Management System 1. 0. It has been declared as critical. This vulnerability affects unknown code of the file / admin/ services/ manage_service. php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB- 227590 is the identifier assigned to this vulnerability
lrp-bert · Pred=HIGH (2) · p=0.94 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in SourceCodester Service Provider Manage men ##t System 1 . 0 . It has been declared as critical . This vulnerability affects unknown code of the file / admin / services / manage _ service . php . The man ip ul ##ation of the argument id leads to sql inject ion . The attack can be init i ##ated remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 227 ##5 ##90 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in SourceCodester Service Provider Manage men ##t System 1 . 0 . It has been declared as critical . This vulnerability affects unknown code of the file / admin / services / manage _ service . php . The man ip ul ##ation of the argument id leads to sql inject ion . The attack can be init i ##ated remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 227 ##5 ##90 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in SourceCodester Service Provider Management System 1. 0. It has been declared as critical. This vulnerability affects unknown code of the file / admin/ services/ manage_service. php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB- 227590 is the identifier assigned to this vulnerability
lrp-distilbert · Pred=HIGH (2) · p=0.96 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in SourceCodester Service Provider Manage men ##t System 1 . 0 . It has been declared as critical . This vulnerability affects unknown code of the file / admin / services / manage _ service . php . The man ip ul ##ation of the argument id leads to sql inject ion . The attack can be init i ##ated remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 227 ##5 ##90 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in SourceCodester Service Provider Manage men ##t System 1 . 0 . It has been declared as critical . This vulnerability affects unknown code of the file / admin / services / manage _ service . php . The man ip ul ##ation of the argument id leads to sql inject ion . The attack can be init i ##ated remotely . The exploit has been disclose d to the public and may be used . V ##D ##B - 227 ##5 ##90 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.
SHAP (words)
A vulnerability was found in SourceCodester Service Provider Management System 1. 0. It has been declared as critical. This vulnerability affects unknown code of the file / admin/ services/ manage_service. php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB- 227590 is the identifier assigned to this vulnerability
#44 · cve_id CVE-2018-1000413 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A cross-site scripting ▁vulnerability ▁exists ▁in ▁Jenkins Config ▁File Provider Plugin ▁3 . 1 ▁and ▁earlier ▁in config file s . je lly ▁provider list . je lly ▁that ▁allows ▁users ▁with ▁the ▁ability ▁to configure ▁configuration ▁files ▁to ▁insert ▁arbitrary HTML ▁into ▁some ▁pages ▁in ▁Jenkins . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.
SHAP (words)
A cross- site scripting vulnerability exists in Jenkins Config File Provider Plugin 3. 1 and earlier in configfiles. jelly providerlist. jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3 . 1 and earlier in config files . j ##elly provider ##list . j ##elly that allows users with the ability to configure config u ##ration files to insert arbitrary HTML int o some pages in Jenkins . [SEP]
LRP (+Pred, pos-only)
[CLS] A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3 . 1 and earlier in config files . j ##elly provider ##list . j ##elly that allows users with the ability to configure config u ##ration files to insert arbitrary HTML int o some pages in Jenkins . [SEP]
LIME (words)
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.
SHAP (words)
A cross- site scripting vulnerability exists in Jenkins Config File Provider Plugin 3. 1 and earlier in configfiles. jelly providerlist. jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3 . 1 and earlier in config files . j ##elly provider ##list . j ##elly that allows users with the ability to configure config u ##ration files to insert arbitrary HTML int o some pages in Jenkins . [SEP]
LRP (+Pred, pos-only)
[CLS] A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3 . 1 and earlier in config files . j ##elly provider ##list . j ##elly that allows users with the ability to configure config u ##ration files to insert arbitrary HTML int o some pages in Jenkins . [SEP]
LIME (words)
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.
SHAP (words)
A cross- site scripting vulnerability exists in Jenkins Config File Provider Plugin 3. 1 and earlier in configfiles. jelly providerlist. jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins
#45 · cve_id CVE-2021-31530 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Zoho ManageEngine ServiceDesk ▁Plus MSP ▁before ▁105 22 ▁is ▁vulnerable ▁to ▁In for matio n Disclosure . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
SHAP (words)
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Zoho ManageEngine ServiceDesk Plus MSP before 105 ##22 is vulnerable to In ##fo ##r matio n Disclosure . [SEP]
LRP (+Pred, pos-only)
[CLS] Zoho ManageEngine ServiceDesk Plus MSP before 105 ##22 is vulnerable to In ##fo ##r matio n Disclosure . [SEP]
LIME (words)
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
SHAP (words)
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Zoho ManageEngine ServiceDesk Plus MSP before 105 ##22 is vulnerable to In ##fo ##r matio n Disclosure . [SEP]
LRP (+Pred, pos-only)
[CLS] Zoho ManageEngine ServiceDesk Plus MSP before 105 ##22 is vulnerable to In ##fo ##r matio n Disclosure . [SEP]
LIME (words)
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
SHAP (words)
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure
#46 · cve_id CVE-2009-1961 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The inode ▁double ▁locking ▁code ▁in ▁f s / oc f s 2/ file . c ▁in ▁the ▁Linux ▁kernel ▁2 . 6 . 30 ▁before ▁2 . 6 . 30 - rc 3 ▁2 . 6 . 27 ▁before ▁2 . 6 . 27 . 24 ▁2 . 6 . 29 ▁before ▁2 . 6 . 29 . 4 ▁and ▁po ssi b ly ▁other ▁versions ▁down ▁to ▁2 . 6 . 19 ▁allows ▁local ▁users ▁to ▁cause ▁a ▁denial ▁of ▁service ( pre vention ▁of ▁file ▁creation ▁and ▁removal ) ▁via ▁a ▁series ▁of sp lice ▁system ▁calls ▁that ▁trigger ▁a deadlock ▁between ▁the ▁generic _ file _ sp lice _ write sp lice _ from _ pipe ▁and oc f s 2 _ file _ sp lice _ write ▁functions . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3 2.6.27 before 2.6.27.24 2.6.29 before 2.6.29.4 and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write splice_from_pipe and ocfs2_file_splice_write functions.
SHAP (words)
The inode double locking code in fs/ ocfs2/ file. c in the Linux kernel 2. 6. 30 before 2. 6. 30- rc3 2. 6. 27 before 2. 6. 27. 24 2. 6. 29 before 2. 6. 29. 4 and possibly other versions down to 2. 6. 19 allows local users to cause a denial of service ( prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write splice_from_pipe and ocfs2_file_splice_write functions
lrp-bert · Pred=HIGH (2) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The inode double locking code in f ##s / o ##c ##fs ##2 / file . c in the Linux kernel 2 . 6 . 30 before 2 . 6 . 30 - r ##c ##3 2 . 6 . 27 before 2 . 6 . 27 . 24 2 . 6 . 29 before 2 . 6 . 29 . 4 and p ##o ssi b ##ly other versions down to 2 . 6 . 19 allows local users to cause a denial of service ( prevention of file creation and removal ) via a series of s ##p ##lice system calls that trigger a deadlock between the generic _ file _ s ##p ##lice _ w ##r ite s ##p ##lice _ from _ p ip e and o ##c ##fs ##2 _ file _ s ##p ##lice _ w ##r ite functions . [SEP]
LRP (+Pred, pos-only)
[CLS] The inode double locking code in f ##s / o ##c ##fs ##2 / file . c in the Linux kernel 2 . 6 . 30 before 2 . 6 . 30 - r ##c ##3 2 . 6 . 27 before 2 . 6 . 27 . 24 2 . 6 . 29 before 2 . 6 . 29 . 4 and p ##o ssi b ##ly other versions down to 2 . 6 . 19 allows local users to cause a denial of service ( prevention of file creation and removal ) via a series of s ##p ##lice system calls that trigger a deadlock between the generic _ file _ s ##p ##lice _ w ##r ite s ##p ##lice _ from _ p ip e and o ##c ##fs ##2 _ file _ s ##p ##lice _ w ##r ite functions . [SEP]
LIME (words)
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3 2.6.27 before 2.6.27.24 2.6.29 before 2.6.29.4 and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write splice_from_pipe and ocfs2_file_splice_write functions.
SHAP (words)
The inode double locking code in fs/ ocfs2/ file. c in the Linux kernel 2. 6. 30 before 2. 6. 30- rc3 2. 6. 27 before 2. 6. 27. 24 2. 6. 29 before 2. 6. 29. 4 and possibly other versions down to 2. 6. 19 allows local users to cause a denial of service ( prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write splice_from_pipe and ocfs2_file_splice_write functions
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The inode double locking code in f ##s / o ##c ##fs ##2 / file . c in the Linux kernel 2 . 6 . 30 before 2 . 6 . 30 - r ##c ##3 2 . 6 . 27 before 2 . 6 . 27 . 24 2 . 6 . 29 before 2 . 6 . 29 . 4 and p ##o ssi b ##ly other versions down to 2 . 6 . 19 allows local users to cause a denial of service ( prevention of file creation and removal ) via a series of s ##p ##lice system calls that trigger a deadlock between the generic _ file _ s ##p ##lice _ w ##r ite s ##p ##lice _ from _ p ip e and o ##c ##fs ##2 _ file _ s ##p ##lice _ w ##r ite functions . [SEP]
LRP (+Pred, pos-only)
[CLS] The inode double locking code in f ##s / o ##c ##fs ##2 / file . c in the Linux kernel 2 . 6 . 30 before 2 . 6 . 30 - r ##c ##3 2 . 6 . 27 before 2 . 6 . 27 . 24 2 . 6 . 29 before 2 . 6 . 29 . 4 and p ##o ssi b ##ly other versions down to 2 . 6 . 19 allows local users to cause a denial of service ( prevention of file creation and removal ) via a series of s ##p ##lice system calls that trigger a deadlock between the generic _ file _ s ##p ##lice _ w ##r ite s ##p ##lice _ from _ p ip e and o ##c ##fs ##2 _ file _ s ##p ##lice _ w ##r ite functions . [SEP]
LIME (words)
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3 2.6.27 before 2.6.27.24 2.6.29 before 2.6.29.4 and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write splice_from_pipe and ocfs2_file_splice_write functions.
SHAP (words)
The inode double locking code in fs/ ocfs2/ file. c in the Linux kernel 2. 6. 30 before 2. 6. 30- rc3 2. 6. 27 before 2. 6. 27. 24 2. 6. 29 before 2. 6. 29. 4 and possibly other versions down to 2. 6. 19 allows local users to cause a denial of service ( prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write splice_from_pipe and ocfs2_file_splice_write functions
#47 · cve_id CVE-2023-21413 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Go Secure ▁on ▁behalf ▁of ▁Gene tec ▁Inc . ▁has ▁found ▁a flaw ▁that ▁allows ▁for ▁a ▁remote ▁code ▁execution ▁during ▁the ▁installation ▁of ▁A CAP ▁applications ▁on ▁the Ax ▁is ▁device . ▁The ▁application ▁handling ▁service ▁in AXIS ▁OS ▁was ▁vulnerable ▁to ▁command inject ion ▁allowing ▁an ▁attacker ▁to ▁run ▁arbitrary ▁code . Ax ▁is ▁has ▁released patched AXIS ▁OS ▁versions ▁for ▁the ▁highlighted flaw . ▁Please ▁refer ▁to ▁the Ax ▁is ▁security ▁advisory ▁for ▁more ▁in for matio n ▁and ▁solution . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
SHAP (words)
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Go Secure on behalf of Gene ##tec Inc . has found a flaw that allows for a remote code exec u ##tion d uri ng the installation of AC ##AP applications on the Ax is dev ice . The application handling service in AXIS OS was vulnerable to command inject ion allowing an attacker to run arbitrary code . Ax is has released patched AXIS OS versions for the highlighted flaw . Please refer to the Ax is se ##c uri t ##y advisory for more info ##r matio n and solution . [SEP]
LRP (+Pred, pos-only)
[CLS] Go Secure on behalf of Gene ##tec Inc . has found a flaw that allows for a remote code exec u ##tion d uri ng the installation of AC ##AP applications on the Ax is dev ice . The application handling service in AXIS OS was vulnerable to command inject ion allowing an attacker to run arbitrary code . Ax is has released patched AXIS OS versions for the highlighted flaw . Please refer to the Ax is se ##c uri t ##y advisory for more info ##r matio n and solution . [SEP]
LIME (words)
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
SHAP (words)
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Go Secure on behalf of Gene ##tec Inc . has found a flaw that allows for a remote code exec u ##tion d uri ng the installation of AC ##AP applications on the Ax is dev ice . The application handling service in AXIS OS was vulnerable to command inject ion allowing an attacker to run arbitrary code . Ax is has released patched AXIS OS versions for the highlighted flaw . Please refer to the Ax is se ##c uri t ##y advisory for more info ##r matio n and solution . [SEP]
LRP (+Pred, pos-only)
[CLS] Go Secure on behalf of Gene ##tec Inc . has found a flaw that allows for a remote code exec u ##tion d uri ng the installation of AC ##AP applications on the Ax is dev ice . The application handling service in AXIS OS was vulnerable to command inject ion allowing an attacker to run arbitrary code . Ax is has released patched AXIS OS versions for the highlighted flaw . Please refer to the Ax is se ##c uri t ##y advisory for more info ##r matio n and solution . [SEP]
LIME (words)
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
SHAP (words)
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution
#48 · cve_id CVE-2023-47618 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁post authentication ▁command ▁execution ▁vulnerability ▁exists ▁in ▁the ▁web ▁filtering ▁functionality ▁of ▁T p - Link ER 720 6 ▁Om ada Gigabit VPN Router ▁1 . 3 . 0 ▁build ▁202 303 22 ▁R el . 70 59 1 . ▁A spec i ally ▁crafted HTTP ▁request ▁can ▁lead ▁to ▁arbitrary ▁command ▁execution . ▁An ▁attacker ▁can ▁make ▁an authenticated HTTP ▁request ▁to ▁trigger ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
SHAP (words)
A post authentication command execution vulnerability exists in the web filtering functionality of Tp- Link ER7206 Omada Gigabit VPN Router 1. 3. 0 build 20230322 Rel. 70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A post authentication command exec u ##tion vulnerability exists in the web filtering functionality of T ##p - Link ER ##7 ##20 ##6 O ##mada Gigabit VPN Router 1 . 3 . 0 build 202 ##30 ##32 ##2 Re ##l . 70 ##5 ##9 ##1 . A spec i ##ally crafted HTTP request can lead to arbitrary command exec u ##tion . An attacker can make an authenticated HTTP request to trigger this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A post authentication command exec u ##tion vulnerability exists in the web filtering functionality of T ##p - Link ER ##7 ##20 ##6 O ##mada Gigabit VPN Router 1 . 3 . 0 build 202 ##30 ##32 ##2 Re ##l . 70 ##5 ##9 ##1 . A spec i ##ally crafted HTTP request can lead to arbitrary command exec u ##tion . An attacker can make an authenticated HTTP request to trigger this vulnerability . [SEP]
LIME (words)
A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
SHAP (words)
A post authentication command execution vulnerability exists in the web filtering functionality of Tp- Link ER7206 Omada Gigabit VPN Router 1. 3. 0 build 20230322 Rel. 70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A post authentication command exec u ##tion vulnerability exists in the web filtering functionality of T ##p - Link ER ##7 ##20 ##6 O ##mada Gigabit VPN Router 1 . 3 . 0 build 202 ##30 ##32 ##2 Re ##l . 70 ##5 ##9 ##1 . A spec i ##ally crafted HTTP request can lead to arbitrary command exec u ##tion . An attacker can make an authenticated HTTP request to trigger this vulnerability . [SEP]
LRP (+Pred, pos-only)
[CLS] A post authentication command exec u ##tion vulnerability exists in the web filtering functionality of T ##p - Link ER ##7 ##20 ##6 O ##mada Gigabit VPN Router 1 . 3 . 0 build 202 ##30 ##32 ##2 Re ##l . 70 ##5 ##9 ##1 . A spec i ##ally crafted HTTP request can lead to arbitrary command exec u ##tion . An attacker can make an authenticated HTTP request to trigger this vulnerability . [SEP]
LIME (words)
A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
SHAP (words)
A post authentication command execution vulnerability exists in the web filtering functionality of Tp- Link ER7206 Omada Gigabit VPN Router 1. 3. 0 build 20230322 Rel. 70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability
#49 · cve_id CVE-2019-10749 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁sequel ize ▁before ▁version ▁3 . 35 . 1 ▁allows ▁attackers ▁to ▁perform ▁a SQL Injection ▁due ▁to ▁the JSON ▁path ▁keys ▁not ▁being ▁properly sanitized ▁in ▁the ▁Post gre s ▁dialect . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
SHAP (words)
sequelize before version 3. 35. 1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] sequel ##ize before version 3 . 35 . 1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Post ##g ##res dialect . [SEP]
LRP (+Pred, pos-only)
[CLS] sequel ##ize before version 3 . 35 . 1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Post ##g ##res dialect . [SEP]
LIME (words)
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
SHAP (words)
sequelize before version 3. 35. 1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] sequel ##ize before version 3 . 35 . 1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Post ##g ##res dialect . [SEP]
LRP (+Pred, pos-only)
[CLS] sequel ##ize before version 3 . 35 . 1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Post ##g ##res dialect . [SEP]
LIME (words)
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.
SHAP (words)
sequelize before version 3. 35. 1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect
#50 · cve_id CVE-2013-2600 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
MiniUPnP d ▁has ▁in for matio n ▁di sc los ure ▁use ▁of snprintf ( ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
MiniUPnPd has information disclosure use of snprintf()
SHAP (words)
MiniUPnPd has information disclosure use of snprintf
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] MiniUPnP d has info ##r matio n di sc los ##ure use of snprintf ( ) [SEP]
LRP (+Pred, pos-only)
[CLS] MiniUPnP d has info ##r matio n di sc los ##ure use of snprintf ( ) [SEP]
LIME (words)
MiniUPnPd has information disclosure use of snprintf()
SHAP (words)
MiniUPnPd has information disclosure use of snprintf
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] MiniUPnP d has info ##r matio n di sc los ##ure use of snprintf ( ) [SEP]
LRP (+Pred, pos-only)
[CLS] MiniUPnP d has info ##r matio n di sc los ##ure use of snprintf ( ) [SEP]
LIME (words)
MiniUPnPd has information disclosure use of snprintf()
SHAP (words)
MiniUPnPd has information disclosure use of snprintf
#51 · cve_id CVE-2018-21064 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁on ▁Samsung mobi le ▁devices ▁with ▁N ( 7 . x ) ▁and ▁O ( 8 . x ) ▁software . ▁There ▁is ▁an ▁array overflow ▁in ▁a ▁driver ' s ▁input ▁booster . ▁The ▁Samsung ▁ID ▁is S VE - 2017 - 1 18 16 ( August ▁2018 ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018).
SHAP (words)
An issue was discovered on Samsung mobile devices with N( 7. x) and O( 8. x) software. There is an array overflow in a driver' s input booster. The Samsung ID is SVE- 2017- 11816 ( August 2018
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with N ( 7 . x ) and O ( 8 . x ) software . There is an array overflow in a driver ' s input boost ##er . The Samsung ID is SV ##E - 2017 - 118 ##16 ( August 2018 ) . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with N ( 7 . x ) and O ( 8 . x ) software . There is an array overflow in a driver ' s input boost ##er . The Samsung ID is SV ##E - 2017 - 118 ##16 ( August 2018 ) . [SEP]
LIME (words)
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018).
SHAP (words)
An issue was discovered on Samsung mobile devices with N( 7. x) and O( 8. x) software. There is an array overflow in a driver' s input booster. The Samsung ID is SVE- 2017- 11816 ( August 2018
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with N ( 7 . x ) and O ( 8 . x ) software . There is an array overflow in a driver ' s input boost ##er . The Samsung ID is SV ##E - 2017 - 118 ##16 ( August 2018 ) . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with N ( 7 . x ) and O ( 8 . x ) software . There is an array overflow in a driver ' s input boost ##er . The Samsung ID is SV ##E - 2017 - 118 ##16 ( August 2018 ) . [SEP]
LIME (words)
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018).
SHAP (words)
An issue was discovered on Samsung mobile devices with N( 7. x) and O( 8. x) software. There is an array overflow in a driver' s input booster. The Samsung ID is SVE- 2017- 11816 ( August 2018
#52 · cve_id CVE-2023-44469 · i
GT=LOW (1)
xlnet · Pred=HIGH (2) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A Server-Side Request Forgery ▁issue ▁in ▁the OpenID ▁Connect ▁Issue r ▁in ▁Lemon LDAP : : NG ▁before ▁2 . 17 . 1 ▁allows authenticated ▁remote ▁attackers ▁to ▁send GET ▁requests ▁to ▁arbitrary URLs ▁through ▁the ▁request _ uri auth ▁or ization param eter . ▁This ▁is ▁similar ▁to CVE - 20 20 - 10 770 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
SHAP (words)
A Server- Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP:: NG before 2. 17. 1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE- 2020- 10770
lrp-bert · Pred=NONE (0) · p=0.80 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A Server-Side Request Forgery issue in the OpenID Connect Issue ##r in Lemon LDAP : : NG before 2 . 17 . 1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request _ uri auth or ##ization param et ##er . This is similar to CVE - 2020 - 107 ##70 . [SEP]
LRP (+Pred, pos-only)
[CLS] A Server-Side Request Forgery issue in the OpenID Connect Issue ##r in Lemon LDAP : : NG before 2 . 17 . 1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request _ uri auth or ##ization param et ##er . This is similar to CVE - 2020 - 107 ##70 . [SEP]
LIME (words)
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
SHAP (words)
A Server- Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP:: NG before 2. 17. 1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE- 2020- 10770
lrp-distilbert · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A Server-Side Request Forgery issue in the OpenID Connect Issue ##r in Lemon LDAP : : NG before 2 . 17 . 1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request _ uri auth or ##ization param et ##er . This is similar to CVE - 2020 - 107 ##70 . [SEP]
LRP (+Pred, pos-only)
[CLS] A Server-Side Request Forgery issue in the OpenID Connect Issue ##r in Lemon LDAP : : NG before 2 . 17 . 1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request _ uri auth or ##ization param et ##er . This is similar to CVE - 2020 - 107 ##70 . [SEP]
LIME (words)
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
SHAP (words)
A Server- Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP:: NG before 2. 17. 1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE- 2020- 10770
#53 · cve_id CVE-2022-1915 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The WP ▁Z il low ▁Review Slider WordPress plugin ▁before ▁2 . 4 ▁does ▁not e sc ▁a pe ▁a ▁settings ▁which ▁could ▁allow ▁high ▁privilege ▁users ▁to ▁perform Cross-Site Scripting ▁attacks ▁even ▁when ▁the unfiltered ▁_ html ▁capability ▁is disallowed ( for ▁example ▁in ▁multi site ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite)
SHAP (words)
The WP Zillow Review Slider WordPress plugin before 2. 4 does not escape a settings which could allow high privilege users to perform Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed ( for example in multisite
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The WP Z ##illo ##w Review Slider WordPress plugin before 2 . 4 does not e sc a ##pe a settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed ( for example in multi ##s ite ) [SEP]
LRP (+Pred, pos-only)
[CLS] The WP Z ##illo ##w Review Slider WordPress plugin before 2 . 4 does not e sc a ##pe a settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed ( for example in multi ##s ite ) [SEP]
LIME (words)
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite)
SHAP (words)
The WP Zillow Review Slider WordPress plugin before 2. 4 does not escape a settings which could allow high privilege users to perform Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed ( for example in multisite
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The WP Z ##illo ##w Review Slider WordPress plugin before 2 . 4 does not e sc a ##pe a settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed ( for example in multi ##s ite ) [SEP]
LRP (+Pred, pos-only)
[CLS] The WP Z ##illo ##w Review Slider WordPress plugin before 2 . 4 does not e sc a ##pe a settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered _ html capability is disallowed ( for example in multi ##s ite ) [SEP]
LIME (words)
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite)
SHAP (words)
The WP Zillow Review Slider WordPress plugin before 2. 4 does not escape a settings which could allow high privilege users to perform Cross- Site Scripting attacks even when the unfiltered_html capability is disallowed ( for example in multisite
#54 · cve_id CVE-2020-1307 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁elevation ▁of ▁privilege ▁vulnerability ▁exists ▁when ▁the ▁Windows ▁kernel ▁fails ▁to ▁properly ▁handle ▁objects ▁in ▁memory aka ' W in dow s Kernel Elevation ▁of Privilege Vulnerability ' . ▁This CVE ▁ID ▁is ▁unique ▁from CVE - 20 20 - 09 86 CVE - 20 20 - 12 37 CVE - 20 20 - 12 46 CVE - 20 20 - 12 62 CVE - 20 20 - 12 64 CVE - 20 20 - 12 66 CVE - 20 20 - 12 69 CVE - 20 20 - 12 73 CVE - 20 20 - 12 74 CVE - 20 20 - 12 75 CVE - 20 20 - 12 76 CVE - 20 20 - 13 16 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986 CVE-2020-1237 CVE-2020-1246 CVE-2020-1262 CVE-2020-1264 CVE-2020-1266 CVE-2020-1269 CVE-2020-1273 CVE-2020-1274 CVE-2020-1275 CVE-2020-1276 CVE-2020-1316.
SHAP (words)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka ' Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE- 2020- 0986 CVE- 2020- 1237 CVE- 2020- 1246 CVE- 2020- 1262 CVE- 2020- 1264 CVE- 2020- 1266 CVE- 2020- 1269 CVE- 2020- 1273 CVE- 2020- 1274 CVE- 2020- 1275 CVE- 2020- 1276 CVE- 2020- 1316
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka ' Windows Kernel Elevation of Privilege Vulnerability ' . This CVE ID is unique from CVE - 2020 - 09 ##86 CVE - 2020 - 123 ##7 CVE - 2020 - 124 ##6 CVE - 2020 - 126 ##2 CVE - 2020 - 126 ##4 CVE - 2020 - 126 ##6 CVE - 2020 - 126 ##9 CVE - 2020 - 127 ##3 CVE - 2020 - 127 ##4 CVE - 2020 - 127 ##5 CVE - 2020 - 127 ##6 CVE - 2020 - 131 ##6 . [SEP]
LRP (+Pred, pos-only)
[CLS] An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka ' Windows Kernel Elevation of Privilege Vulnerability ' . This CVE ID is unique from CVE - 2020 - 09 ##86 CVE - 2020 - 123 ##7 CVE - 2020 - 124 ##6 CVE - 2020 - 126 ##2 CVE - 2020 - 126 ##4 CVE - 2020 - 126 ##6 CVE - 2020 - 126 ##9 CVE - 2020 - 127 ##3 CVE - 2020 - 127 ##4 CVE - 2020 - 127 ##5 CVE - 2020 - 127 ##6 CVE - 2020 - 131 ##6 . [SEP]
LIME (words)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986 CVE-2020-1237 CVE-2020-1246 CVE-2020-1262 CVE-2020-1264 CVE-2020-1266 CVE-2020-1269 CVE-2020-1273 CVE-2020-1274 CVE-2020-1275 CVE-2020-1276 CVE-2020-1316.
SHAP (words)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka ' Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE- 2020- 0986 CVE- 2020- 1237 CVE- 2020- 1246 CVE- 2020- 1262 CVE- 2020- 1264 CVE- 2020- 1266 CVE- 2020- 1269 CVE- 2020- 1273 CVE- 2020- 1274 CVE- 2020- 1275 CVE- 2020- 1276 CVE- 2020- 1316
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka ' Windows Kernel Elevation of Privilege Vulnerability ' . This CVE ID is unique from CVE - 2020 - 09 ##86 CVE - 2020 - 123 ##7 CVE - 2020 - 124 ##6 CVE - 2020 - 126 ##2 CVE - 2020 - 126 ##4 CVE - 2020 - 126 ##6 CVE - 2020 - 126 ##9 CVE - 2020 - 127 ##3 CVE - 2020 - 127 ##4 CVE - 2020 - 127 ##5 CVE - 2020 - 127 ##6 CVE - 2020 - 131 ##6 . [SEP]
LRP (+Pred, pos-only)
[CLS] An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka ' Windows Kernel Elevation of Privilege Vulnerability ' . This CVE ID is unique from CVE - 2020 - 09 ##86 CVE - 2020 - 123 ##7 CVE - 2020 - 124 ##6 CVE - 2020 - 126 ##2 CVE - 2020 - 126 ##4 CVE - 2020 - 126 ##6 CVE - 2020 - 126 ##9 CVE - 2020 - 127 ##3 CVE - 2020 - 127 ##4 CVE - 2020 - 127 ##5 CVE - 2020 - 127 ##6 CVE - 2020 - 131 ##6 . [SEP]
LIME (words)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986 CVE-2020-1237 CVE-2020-1246 CVE-2020-1262 CVE-2020-1264 CVE-2020-1266 CVE-2020-1269 CVE-2020-1273 CVE-2020-1274 CVE-2020-1275 CVE-2020-1276 CVE-2020-1316.
SHAP (words)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory aka ' Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE- 2020- 0986 CVE- 2020- 1237 CVE- 2020- 1246 CVE- 2020- 1262 CVE- 2020- 1264 CVE- 2020- 1266 CVE- 2020- 1269 CVE- 2020- 1273 CVE- 2020- 1274 CVE- 2020- 1275 CVE- 2020- 1276 CVE- 2020- 1316
#55 · cve_id CVE-2023-28620 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Auth . ( admin ▁+ ) Stored Cross-Site Scripting ( XSS ) ▁vulnerability ▁in Cyber ▁us ▁Lab s Cyber ▁us ▁Key plugin ▁< = ▁1 . 0 ▁versions . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.
SHAP (words)
Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Cyberus Labs Cyberus Key plugin <=  1. 0 versions
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in Cyber us Labs Cyber us Key plugin < = 1 . 0 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in Cyber us Labs Cyber us Key plugin < = 1 . 0 versions . [SEP]
LIME (words)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.
SHAP (words)
Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Cyberus Labs Cyberus Key plugin <=  1. 0 versions
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in Cyber us Labs Cyber us Key plugin < = 1 . 0 versions . [SEP]
LRP (+Pred, pos-only)
[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in Cyber us Labs Cyber us Key plugin < = 1 . 0 versions . [SEP]
LIME (words)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.
SHAP (words)
Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Cyberus Labs Cyberus Key plugin <=  1. 0 versions
#56 · cve_id CVE-2020-8514 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in Rumpus ▁8 . 2 . 10 ▁on macOS . ▁By crafting ▁a ▁directory ▁name ▁it ▁is ▁po ssi ble ▁to ▁activate JavaScript ▁in ▁the ▁context ▁of ▁the ▁web ▁application ▁after invoking ▁the rename ▁folder ▁functionality . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.
SHAP (words)
An issue was discovered in Rumpus 8. 2. 10 on macOS. By crafting a directory name it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality
lrp-bert · Pred=LOW (1) · p=0.90 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in Rumpus 8 . 2 . 10 on macOS . By crafting a directory name it is p ##o ssi b ##le to activate JavaScript in the context of the web application after invoking the rename folder functionality . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in Rumpus 8 . 2 . 10 on macOS . By crafting a directory name it is p ##o ssi b ##le to activate JavaScript in the context of the web application after invoking the rename folder functionality . [SEP]
LIME (words)
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.
SHAP (words)
An issue was discovered in Rumpus 8. 2. 10 on macOS. By crafting a directory name it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in Rumpus 8 . 2 . 10 on macOS . By crafting a directory name it is p ##o ssi b ##le to activate JavaScript in the context of the web application after invoking the rename folder functionality . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in Rumpus 8 . 2 . 10 on macOS . By crafting a directory name it is p ##o ssi b ##le to activate JavaScript in the context of the web application after invoking the rename folder functionality . [SEP]
LIME (words)
An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.
SHAP (words)
An issue was discovered in Rumpus 8. 2. 10 on macOS. By crafting a directory name it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality
#57 · cve_id CVE-2023-25365 · i
GT=HIGH (2)
xlnet · Pred=LOW (1) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Cross ▁Site Scripting ▁vulnerability ▁found ▁in ▁October CMS ▁v . 3 . 2 . 0 ▁allows ▁local ▁attacker ▁to ▁execute ▁arbitrary ▁code ▁via ▁the ▁file ▁type . mp 3 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3
SHAP (words)
Cross Site Scripting vulnerability found in October CMS v. 3. 2. 0 allows local attacker to execute arbitrary code via the file type . mp3
lrp-bert · Pred=LOW (1) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross S ite Scripting vulnerability found in October CMS v . 3 . 2 . 0 allows local attacker to exec u ##te arbitrary code via the file type . m ##p ##3 [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting vulnerability found in October CMS v . 3 . 2 . 0 allows local attacker to exec u ##te arbitrary code via the file type . m ##p ##3 [SEP]
LIME (words)
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3
SHAP (words)
Cross Site Scripting vulnerability found in October CMS v. 3. 2. 0 allows local attacker to execute arbitrary code via the file type . mp3
lrp-distilbert · Pred=LOW (1) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross S ite Scripting vulnerability found in October CMS v . 3 . 2 . 0 allows local attacker to exec u ##te arbitrary code via the file type . m ##p ##3 [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting vulnerability found in October CMS v . 3 . 2 . 0 allows local attacker to exec u ##te arbitrary code via the file type . m ##p ##3 [SEP]
LIME (words)
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3
SHAP (words)
Cross Site Scripting vulnerability found in October CMS v. 3. 2. 0 allows local attacker to execute arbitrary code via the file type . mp3
#58 · cve_id CVE-2023-46987 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
SeaCMS ▁v 12 . 9 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁remote ▁code ▁execution ( RCE ) ▁vulnerability ▁via ▁the ▁component / a uga p / admin ip . php . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
SHAP (words)
SeaCMS v12. 9 was discovered to contain a remote code execution ( RCE) vulnerability via the component / augap/ adminip. php
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] SeaCMS v ##12 . 9 was di sc over ##ed to contain a remote code exec u ##tion ( RCE ) vulnerability via the component / au ##ga ##p / admin ip . php . [SEP]
LRP (+Pred, pos-only)
[CLS] SeaCMS v ##12 . 9 was di sc over ##ed to contain a remote code exec u ##tion ( RCE ) vulnerability via the component / au ##ga ##p / admin ip . php . [SEP]
LIME (words)
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
SHAP (words)
SeaCMS v12. 9 was discovered to contain a remote code execution ( RCE) vulnerability via the component / augap/ adminip. php
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] SeaCMS v ##12 . 9 was di sc over ##ed to contain a remote code exec u ##tion ( RCE ) vulnerability via the component / au ##ga ##p / admin ip . php . [SEP]
LRP (+Pred, pos-only)
[CLS] SeaCMS v ##12 . 9 was di sc over ##ed to contain a remote code exec u ##tion ( RCE ) vulnerability via the component / au ##ga ##p / admin ip . php . [SEP]
LIME (words)
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
SHAP (words)
SeaCMS v12. 9 was discovered to contain a remote code execution ( RCE) vulnerability via the component / augap/ adminip. php
#59 · cve_id CVE-2022-22792 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Mo bi Soft - ▁Mo bi Plus User ▁Take ▁Over ▁and Improper Handling ▁of url Parameters Attacker ▁can ▁navigate ▁to spec ific url ▁which ▁will ▁expose ▁all ▁the ▁users ▁and ▁password ▁in ▁clear ▁text . ▁http :// IP / Mo bi Plus Web / Handler s / Ma in Handler . ash x ? Me tho d Name = Grid ▁Data & amp ; Grid ▁Name = User s <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users
SHAP (words)
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http:// IP/ MobiPlusWeb/ Handlers/ MainHandler. ashx? MethodName= GridData& amp; GridName= Users
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mo ##bi ##S ##oft - Mo ##bi ##P ##lus User Take Over and Improper Handling of url Parameters Attacker can navigate to spec if ##ic url which will expose all the users and password in clear text . http : / / IP / Mo ##bi ##P ##lus ##W ##eb / Handler s / Main Handler . ash ##x ? Method ##N ##ame = Grid Data & am ##p ; Grid Name = User s [SEP]
LRP (+Pred, pos-only)
[CLS] Mo ##bi ##S ##oft - Mo ##bi ##P ##lus User Take Over and Improper Handling of url Parameters Attacker can navigate to spec if ##ic url which will expose all the users and password in clear text . http : / / IP / Mo ##bi ##P ##lus ##W ##eb / Handler s / Main Handler . ash ##x ? Method ##N ##ame = Grid Data & am ##p ; Grid Name = User s [SEP]
LIME (words)
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users
SHAP (words)
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http:// IP/ MobiPlusWeb/ Handlers/ MainHandler. ashx? MethodName= GridData& amp; GridName= Users
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mo ##bi ##S ##oft - Mo ##bi ##P ##lus User Take Over and Improper Handling of url Parameters Attacker can navigate to spec if ##ic url which will expose all the users and password in clear text . http : / / IP / Mo ##bi ##P ##lus ##W ##eb / Handler s / Main Handler . ash ##x ? Method ##N ##ame = Grid Data & am ##p ; Grid Name = User s [SEP]
LRP (+Pred, pos-only)
[CLS] Mo ##bi ##S ##oft - Mo ##bi ##P ##lus User Take Over and Improper Handling of url Parameters Attacker can navigate to spec if ##ic url which will expose all the users and password in clear text . http : / / IP / Mo ##bi ##P ##lus ##W ##eb / Handler s / Main Handler . ash ##x ? Method ##N ##ame = Grid Data & am ##p ; Grid Name = User s [SEP]
LIME (words)
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users
SHAP (words)
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http:// IP/ MobiPlusWeb/ Handlers/ MainHandler. ashx? MethodName= GridData& amp; GridName= Users
#60 · cve_id CVE-2021-37692 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
TensorFlow ▁is ▁an ▁end - to - end ▁open ▁source ▁platform ▁for ▁machine ▁learning . ▁In ▁affected ▁versions ▁under ▁certain ▁conditions ▁Go ▁code ▁can ▁trigger ▁a segfault ▁in ▁string ▁deal location . ▁For ▁string tensors ▁` C . TF _ TS t ring _ De al loc ` ▁is ▁called ▁during ▁garbage ▁collection ▁within ▁a finalize r ▁function . ▁However ▁tens or ▁structure ▁isn ' t ▁checked ▁until ▁encoding ▁to ▁avoid ▁a ▁performance ▁penalty . ▁The ▁current ▁method ▁for ▁deal loc ▁assumes ▁that ▁encoding ▁succeeded ▁but segfault s ▁when ▁a ▁string ▁tens or ▁is ▁garbage ▁collected ▁whose ▁encoding ▁failed ( e . g . ▁due ▁to mismatch ed ▁dimensions ) . ▁To ▁fix ▁this ▁the ▁call ▁to ▁set ▁the finalize r ▁function ▁is ▁def err ed ▁until ▁` New T ensor ` ▁returns ▁and ▁if ▁encoding ▁failed ▁for ▁a ▁string ▁tens or ▁deal loc s ▁are ▁determined ▁based ▁on bytes ▁written . ▁We ▁have patched ▁the ▁issue ▁in GitHub ▁commit ▁87 21 ba 96 e 57 60 c 229 2 17 b 5 94 f 6 d 2 ba 332 be ed f 22 . ▁The ▁fix ▁will ▁be ▁included ▁in TensorFlow ▁2 . 6 . 0 . ▁We ▁will ▁also ch err y pick ▁this ▁commit ▁on TensorFlow ▁2 . 5 . 1 ▁which ▁is ▁the ▁other ▁affected ▁version . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions Go code can trigger a segfault in string deallocation. For string tensors `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded but segfaults when a string tensor is garbage collected whose encoding failed (e.g. due to mismatched dimensions). To fix this the call to set the finalizer function is deferred until `NewTensor` returns and if encoding failed for a string tensor deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 which is the other affected version.
SHAP (words)
TensorFlow is an end- to- end open source platform for machine learning. In affected versions under certain conditions Go code can trigger a segfault in string deallocation. For string tensors ` C. TF_TString_Dealloc` is called during garbage collection within a finalizer function. However tensor structure isn' t checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded but segfaults when a string tensor is garbage collected whose encoding failed ( e. g. due to mismatched dimensions). To fix this the call to set the finalizer function is deferred until ` NewTensor` returns and if encoding failed for a string tensor deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2. 6. 0. We will also cherrypick this commit on TensorFlow 2. 5. 1 which is the other affected version
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TensorFlow is an end - to - end open source platform for machine learning . In affected versions under certain conditions Go code can trigger a segfault in string deal ##location . For string tensors ` C . T ##F _ T ##S ##tring _ Deal ##loc ` is called d uri ng garbage collection within a finalize r function . However tensor struct u ##re isn ' t checked until encoding to avoid a performance penalty . The current method for deal ##loc assumes that encoding succeeded but segfault s when a string tensor is garbage collected whose encoding failed ( e . g . due to mismatch ed dimensions ) . To fix this the call to set the finalize r function is def err ed until ` New ##T ##ens ##or ` returns and if encoding failed for a string tensor deal ##loc ##s are determined based on bytes written . We have patched the issue in GitHub commit 87 ##21 ##ba ##9 ##6 ##e ##5 ##7 ##60 ##c ##22 ##9 ##21 ##7 ##b ##5 ##9 ##4 ##f ##6 ##d ##2 ##ba ##33 ##2 ##bee ##d ##f ##22 . The fix will be included in TensorFlow 2 . 6 . 0 . We will also ch err y ##pic ##k this commit on TensorFlow 2 . 5 . 1 which is the other affected version . [SEP]
LRP (+Pred, pos-only)
[CLS] TensorFlow is an end - to - end open source platform for machine learning . In affected versions under certain conditions Go code can trigger a segfault in string deal ##location . For string tensors ` C . T ##F _ T ##S ##tring _ Deal ##loc ` is called d uri ng garbage collection within a finalize r function . However tensor struct u ##re isn ' t checked until encoding to avoid a performance penalty . The current method for deal ##loc assumes that encoding succeeded but segfault s when a string tensor is garbage collected whose encoding failed ( e . g . due to mismatch ed dimensions ) . To fix this the call to set the finalize r function is def err ed until ` New ##T ##ens ##or ` returns and if encoding failed for a string tensor deal ##loc ##s are determined based on bytes written . We have patched the issue in GitHub commit 87 ##21 ##ba ##9 ##6 ##e ##5 ##7 ##60 ##c ##22 ##9 ##21 ##7 ##b ##5 ##9 ##4 ##f ##6 ##d ##2 ##ba ##33 ##2 ##bee ##d ##f ##22 . The fix will be included in TensorFlow 2 . 6 . 0 . We will also ch err y ##pic ##k this commit on TensorFlow 2 . 5 . 1 which is the other affected version . [SEP]
LIME (words)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions Go code can trigger a segfault in string deallocation. For string tensors `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded but segfaults when a string tensor is garbage collected whose encoding failed (e.g. due to mismatched dimensions). To fix this the call to set the finalizer function is deferred until `NewTensor` returns and if encoding failed for a string tensor deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 which is the other affected version.
SHAP (words)
TensorFlow is an end- to- end open source platform for machine learning. In affected versions under certain conditions Go code can trigger a segfault in string deallocation. For string tensors ` C. TF_TString_Dealloc` is called during garbage collection within a finalizer function. However tensor structure isn' t checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded but segfaults when a string tensor is garbage collected whose encoding failed ( e. g. due to mismatched dimensions). To fix this the call to set the finalizer function is deferred until ` NewTensor` returns and if encoding failed for a string tensor deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2. 6. 0. We will also cherrypick this commit on TensorFlow 2. 5. 1 which is the other affected version
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] TensorFlow is an end - to - end open source platform for machine learning . In affected versions under certain conditions Go code can trigger a segfault in string deal ##location . For string tensors ` C . T ##F _ T ##S ##tring _ Deal ##loc ` is called d uri ng garbage collection within a finalize r function . However tensor struct u ##re isn ' t checked until encoding to avoid a performance penalty . The current method for deal ##loc assumes that encoding succeeded but segfault s when a string tensor is garbage collected whose encoding failed ( e . g . due to mismatch ed dimensions ) . To fix this the call to set the finalize r function is def err ed until ` New ##T ##ens ##or ` returns and if encoding failed for a string tensor deal ##loc ##s are determined based on bytes written . We have patched the issue in GitHub commit 87 ##21 ##ba ##9 ##6 ##e ##5 ##7 ##60 ##c ##22 ##9 ##21 ##7 ##b ##5 ##9 ##4 ##f ##6 ##d ##2 ##ba ##33 ##2 ##bee ##d ##f ##22 . The fix will be included in TensorFlow 2 . 6 . 0 . We will also ch err y ##pic ##k this commit on TensorFlow 2 . 5 . 1 which is the other affected version . [SEP]
LRP (+Pred, pos-only)
[CLS] TensorFlow is an end - to - end open source platform for machine learning . In affected versions under certain conditions Go code can trigger a segfault in string deal ##location . For string tensors ` C . T ##F _ T ##S ##tring _ Deal ##loc ` is called d uri ng garbage collection within a finalize r function . However tensor struct u ##re isn ' t checked until encoding to avoid a performance penalty . The current method for deal ##loc assumes that encoding succeeded but segfault s when a string tensor is garbage collected whose encoding failed ( e . g . due to mismatch ed dimensions ) . To fix this the call to set the finalize r function is def err ed until ` New ##T ##ens ##or ` returns and if encoding failed for a string tensor deal ##loc ##s are determined based on bytes written . We have patched the issue in GitHub commit 87 ##21 ##ba ##9 ##6 ##e ##5 ##7 ##60 ##c ##22 ##9 ##21 ##7 ##b ##5 ##9 ##4 ##f ##6 ##d ##2 ##ba ##33 ##2 ##bee ##d ##f ##22 . The fix will be included in TensorFlow 2 . 6 . 0 . We will also ch err y ##pic ##k this commit on TensorFlow 2 . 5 . 1 which is the other affected version . [SEP]
LIME (words)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions Go code can trigger a segfault in string deallocation. For string tensors `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded but segfaults when a string tensor is garbage collected whose encoding failed (e.g. due to mismatched dimensions). To fix this the call to set the finalizer function is deferred until `NewTensor` returns and if encoding failed for a string tensor deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 which is the other affected version.
SHAP (words)
TensorFlow is an end- to- end open source platform for machine learning. In affected versions under certain conditions Go code can trigger a segfault in string deallocation. For string tensors ` C. TF_TString_Dealloc` is called during garbage collection within a finalizer function. However tensor structure isn' t checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded but segfaults when a string tensor is garbage collected whose encoding failed ( e. g. due to mismatched dimensions). To fix this the call to set the finalizer function is deferred until ` NewTensor` returns and if encoding failed for a string tensor deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2. 6. 0. We will also cherrypick this commit on TensorFlow 2. 5. 1 which is the other affected version
#61 · cve_id CVE-2023-44358 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Adobe Acrobat ▁Reader ▁versions ▁23 . 00 6 . 20 3 60 ( and ▁earlier ) ▁and ▁20 . 00 5 . 30 5 24 ( and ▁earlier ) ▁are ▁affected ▁by ▁an out-of-bounds ▁read ▁vulnerability ▁that ▁could ▁lead ▁to ▁di sc los ure ▁of ▁sensitive ▁memory . ▁An ▁attacker ▁could ▁leverage ▁this ▁vulnerability ▁to ▁bypass mitigations ▁such ▁as ASLR . Exploitation ▁of ▁this ▁issue ▁requires ▁user ▁interaction ▁in ▁that ▁a ▁victim ▁must ▁open ▁a malicious ▁file . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Adobe Acrobat Reader versions 23. 006. 20360 ( and earlier) and 20. 005. 30524 ( and earlier) are affected by an out- of- bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe Acrobat Reader versions 23 . 00 ##6 . 203 ##60 ( and earlier ) and 20 . 00 ##5 . 305 ##24 ( and earlier ) are affected by an out-of-bounds read vulnerability that could lead to di sc los ##ure of sensitive memory . An attacker could leverage this vulnerability to bypass mitigations such as ASLR . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe Acrobat Reader versions 23 . 00 ##6 . 203 ##60 ( and earlier ) and 20 . 00 ##5 . 305 ##24 ( and earlier ) are affected by an out-of-bounds read vulnerability that could lead to di sc los ##ure of sensitive memory . An attacker could leverage this vulnerability to bypass mitigations such as ASLR . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LIME (words)
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Adobe Acrobat Reader versions 23. 006. 20360 ( and earlier) and 20. 005. 30524 ( and earlier) are affected by an out- of- bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Adobe Acrobat Reader versions 23 . 00 ##6 . 203 ##60 ( and earlier ) and 20 . 00 ##5 . 305 ##24 ( and earlier ) are affected by an out-of-bounds read vulnerability that could lead to di sc los ##ure of sensitive memory . An attacker could leverage this vulnerability to bypass mitigations such as ASLR . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LRP (+Pred, pos-only)
[CLS] Adobe Acrobat Reader versions 23 . 00 ##6 . 203 ##60 ( and earlier ) and 20 . 00 ##5 . 305 ##24 ( and earlier ) are affected by an out-of-bounds read vulnerability that could lead to di sc los ##ure of sensitive memory . An attacker could leverage this vulnerability to bypass mitigations such as ASLR . Exploitation of this issue requires user int era ##ction in that a victim must open a malicious file . [SEP]
LIME (words)
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SHAP (words)
Adobe Acrobat Reader versions 23. 006. 20360 ( and earlier) and 20. 005. 30524 ( and earlier) are affected by an out- of- bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file
#62 · cve_id CVE-2022-2860 · i
GT=HIGH (2)
xlnet · Pred=LOW (1) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Insufficient ▁policy ▁enforcement ▁in Cookie s ▁in ▁Google Chrome ▁prior ▁to ▁104 . 0 . 51 12 . 101 ▁allowed ▁a ▁remote ▁attacker ▁to ▁bypass ▁cookie ▁prefix ▁restrictions ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
SHAP (words)
Insufficient policy enforcement in Cookies in Google Chrome prior to 104. 0. 5112. 101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page
lrp-bert · Pred=LOW (1) · p=0.97 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Insufficient policy enforcement in Cookie s in Google Chrome prior to 104 . 0 . 51 ##12 . 101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Insufficient policy enforcement in Cookie s in Google Chrome prior to 104 . 0 . 51 ##12 . 101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page . [SEP]
LIME (words)
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
SHAP (words)
Insufficient policy enforcement in Cookies in Google Chrome prior to 104. 0. 5112. 101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page
lrp-distilbert · Pred=LOW (1) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Insufficient policy enforcement in Cookie s in Google Chrome prior to 104 . 0 . 51 ##12 . 101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Insufficient policy enforcement in Cookie s in Google Chrome prior to 104 . 0 . 51 ##12 . 101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page . [SEP]
LIME (words)
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
SHAP (words)
Insufficient policy enforcement in Cookies in Google Chrome prior to 104. 0. 5112. 101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page
#63 · cve_id CVE-2019-13740 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Incorrect ▁security UI ▁in ▁sharing ▁in ▁Google Chrome ▁prior ▁to ▁79 . 0 . 39 45 . 79 ▁allowed ▁a ▁remote ▁attacker ▁to ▁perform ▁domain spoofing ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
SHAP (words)
Incorrect security UI in sharing in Google Chrome prior to 79. 0. 3945. 79 allowed a remote attacker to perform domain spoofing via a crafted HTML page
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Incorrect se ##c uri t ##y UI in sharing in Google Chrome prior to 79 . 0 . 39 ##45 . 79 allowed a remote attacker to perform domain spoofing via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Incorrect se ##c uri t ##y UI in sharing in Google Chrome prior to 79 . 0 . 39 ##45 . 79 allowed a remote attacker to perform domain spoofing via a crafted HTML page . [SEP]
LIME (words)
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
SHAP (words)
Incorrect security UI in sharing in Google Chrome prior to 79. 0. 3945. 79 allowed a remote attacker to perform domain spoofing via a crafted HTML page
lrp-distilbert · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Incorrect se ##c uri t ##y UI in sharing in Google Chrome prior to 79 . 0 . 39 ##45 . 79 allowed a remote attacker to perform domain spoofing via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Incorrect se ##c uri t ##y UI in sharing in Google Chrome prior to 79 . 0 . 39 ##45 . 79 allowed a remote attacker to perform domain spoofing via a crafted HTML page . [SEP]
LIME (words)
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
SHAP (words)
Incorrect security UI in sharing in Google Chrome prior to 79. 0. 3945. 79 allowed a remote attacker to perform domain spoofing via a crafted HTML page
#64 · cve_id CVE-2023-29107 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in SIMATIC ▁Cloud ▁Connect ▁7 CC 7 12 ( All ▁versions > = ▁V 2 . 0 ▁< ▁V 2 . 1 ) SIMATIC ▁Cloud ▁Connect ▁7 CC 7 16 ( All ▁versions > = ▁V 2 . 0 ▁< ▁V 2 . 1 ) . ▁The ▁export endpoint discloses ▁some undocumented ▁files . ▁This ▁could ▁allow ▁an unauthenticated ▁remote ▁attacker ▁to ▁gain ▁access ▁to ▁additional ▁in for matio n ▁resources . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1) SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.
SHAP (words)
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( All versions >= V2. 0 < V2. 1) SIMATIC Cloud Connect 7 CC716 ( All versions >= V2. 0 < V2. 1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in SIMATIC Cloud Connect 7 CC ##7 ##12 ( All versions > = V ##2 . 0 < V ##2 . 1 ) SIMATIC Cloud Connect 7 CC ##7 ##16 ( All versions > = V ##2 . 0 < V ##2 . 1 ) . The export endpoint discloses some undocumented files . This could allow an unauthenticated remote attacker to gain access to additional info ##r matio n resources . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in SIMATIC Cloud Connect 7 CC ##7 ##12 ( All versions > = V ##2 . 0 < V ##2 . 1 ) SIMATIC Cloud Connect 7 CC ##7 ##16 ( All versions > = V ##2 . 0 < V ##2 . 1 ) . The export endpoint discloses some undocumented files . This could allow an unauthenticated remote attacker to gain access to additional info ##r matio n resources . [SEP]
LIME (words)
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1) SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.
SHAP (words)
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( All versions >= V2. 0 < V2. 1) SIMATIC Cloud Connect 7 CC716 ( All versions >= V2. 0 < V2. 1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in SIMATIC Cloud Connect 7 CC ##7 ##12 ( All versions > = V ##2 . 0 < V ##2 . 1 ) SIMATIC Cloud Connect 7 CC ##7 ##16 ( All versions > = V ##2 . 0 < V ##2 . 1 ) . The export endpoint discloses some undocumented files . This could allow an unauthenticated remote attacker to gain access to additional info ##r matio n resources . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in SIMATIC Cloud Connect 7 CC ##7 ##12 ( All versions > = V ##2 . 0 < V ##2 . 1 ) SIMATIC Cloud Connect 7 CC ##7 ##16 ( All versions > = V ##2 . 0 < V ##2 . 1 ) . The export endpoint discloses some undocumented files . This could allow an unauthenticated remote attacker to gain access to additional info ##r matio n resources . [SEP]
LIME (words)
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1) SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.
SHAP (words)
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( All versions >= V2. 0 < V2. 1) SIMATIC Cloud Connect 7 CC716 ( All versions >= V2. 0 < V2. 1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources
#65 · cve_id CVE-2021-4307 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁was ▁found ▁in ▁Yo m gui there al ▁Ba o bab ▁up ▁to ▁2 . 6 . 0 . ▁It ▁has ▁been ▁declared ▁as ▁critical . Affected ▁by ▁this ▁vulnerability ▁is ▁an ▁unknown ▁functionality . ▁The ▁manipulation ▁leads ▁to improperly ▁controlled ▁modification ▁of ▁object ▁prototype ▁attributes ( ' pro to type ▁pollution ' ) . ▁The ▁attack ▁can ▁be ▁launched ▁remotely . ▁Up grad ing ▁to ▁version ▁2 . 6 . 1 ▁is ▁able ▁to ▁address ▁this ▁issue . ▁The ▁patch ▁is ▁named ▁c 56 63 95 32 a 92 3 d 9 a 1 600 f b 86 3 ec 75 51 b 188 b 5 d 19 . ▁It ▁is ▁recommended ▁to ▁upgrade ▁the ▁affected ▁component . ▁The ▁associated identifier ▁of ▁this ▁vulnerability ▁is ▁V DB - 2 176 27 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.
SHAP (words)
A vulnerability was found in Yomguithereal Baobab up to 2. 6. 0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (' prototype pollution'). The attack can be launched remotely. Upgrading to version 2. 6. 1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB- 217627
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in Yo ##m ##gu ##ith ##ere ##al Ba ##ob ##ab up to 2 . 6 . 0 . It has been declared as critical . Affected by this vulnerability is an unknown functionality . The man ip ul ##ation leads to improperly controlled mod if ##ica ##tion of object prototype attributes ( ' prototype pollution ' ) . The attack can be launched remotely . Up ##grading to version 2 . 6 . 1 is able to address this issue . The patch is named c ##5 ##6 ##6 ##39 ##53 ##2 ##a ##9 ##23 ##d ##9 ##a ##16 ##00 ##f ##b ##86 ##3 ##ec ##75 ##51 ##b ##18 ##8 ##b ##5 ##d ##19 . It is recommended to upgrade the affected component . The associated identifier of this vulnerability is V ##D ##B - 217 ##6 ##27 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in Yo ##m ##gu ##ith ##ere ##al Ba ##ob ##ab up to 2 . 6 . 0 . It has been declared as critical . Affected by this vulnerability is an unknown functionality . The man ip ul ##ation leads to improperly controlled mod if ##ica ##tion of object prototype attributes ( ' prototype pollution ' ) . The attack can be launched remotely . Up ##grading to version 2 . 6 . 1 is able to address this issue . The patch is named c ##5 ##6 ##6 ##39 ##53 ##2 ##a ##9 ##23 ##d ##9 ##a ##16 ##00 ##f ##b ##86 ##3 ##ec ##75 ##51 ##b ##18 ##8 ##b ##5 ##d ##19 . It is recommended to upgrade the affected component . The associated identifier of this vulnerability is V ##D ##B - 217 ##6 ##27 . [SEP]
LIME (words)
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.
SHAP (words)
A vulnerability was found in Yomguithereal Baobab up to 2. 6. 0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (' prototype pollution'). The attack can be launched remotely. Upgrading to version 2. 6. 1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB- 217627
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability was found in Yo ##m ##gu ##ith ##ere ##al Ba ##ob ##ab up to 2 . 6 . 0 . It has been declared as critical . Affected by this vulnerability is an unknown functionality . The man ip ul ##ation leads to improperly controlled mod if ##ica ##tion of object prototype attributes ( ' prototype pollution ' ) . The attack can be launched remotely . Up ##grading to version 2 . 6 . 1 is able to address this issue . The patch is named c ##5 ##6 ##6 ##39 ##53 ##2 ##a ##9 ##23 ##d ##9 ##a ##16 ##00 ##f ##b ##86 ##3 ##ec ##75 ##51 ##b ##18 ##8 ##b ##5 ##d ##19 . It is recommended to upgrade the affected component . The associated identifier of this vulnerability is V ##D ##B - 217 ##6 ##27 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability was found in Yo ##m ##gu ##ith ##ere ##al Ba ##ob ##ab up to 2 . 6 . 0 . It has been declared as critical . Affected by this vulnerability is an unknown functionality . The man ip ul ##ation leads to improperly controlled mod if ##ica ##tion of object prototype attributes ( ' prototype pollution ' ) . The attack can be launched remotely . Up ##grading to version 2 . 6 . 1 is able to address this issue . The patch is named c ##5 ##6 ##6 ##39 ##53 ##2 ##a ##9 ##23 ##d ##9 ##a ##16 ##00 ##f ##b ##86 ##3 ##ec ##75 ##51 ##b ##18 ##8 ##b ##5 ##d ##19 . It is recommended to upgrade the affected component . The associated identifier of this vulnerability is V ##D ##B - 217 ##6 ##27 . [SEP]
LIME (words)
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.
SHAP (words)
A vulnerability was found in Yomguithereal Baobab up to 2. 6. 0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (' prototype pollution'). The attack can be launched remotely. Upgrading to version 2. 6. 1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB- 217627
#66 · cve_id CVE-2021-45329 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Cross ▁Site Scripting ( XSS ) ▁vulnerability ▁exists ▁in Gitea ▁before ▁1 . 5 . 1 ▁via ▁the repository ▁settings ▁in sid e ▁the ▁external wiki / issue ▁track er URL ▁field . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
SHAP (words)
Cross Site Scripting ( XSS) vulnerability exists in Gitea before 1. 5. 1 via the repository settings inside the external wiki/ issue tracker URL field
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross S ite Scripting ( XSS ) vulnerability exists in Gitea before 1 . 5 . 1 via the repository settings in sid e the external wiki / issue track ##er URL field . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting ( XSS ) vulnerability exists in Gitea before 1 . 5 . 1 via the repository settings in sid e the external wiki / issue track ##er URL field . [SEP]
LIME (words)
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
SHAP (words)
Cross Site Scripting ( XSS) vulnerability exists in Gitea before 1. 5. 1 via the repository settings inside the external wiki/ issue tracker URL field
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross S ite Scripting ( XSS ) vulnerability exists in Gitea before 1 . 5 . 1 via the repository settings in sid e the external wiki / issue track ##er URL field . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting ( XSS ) vulnerability exists in Gitea before 1 . 5 . 1 via the repository settings in sid e the external wiki / issue track ##er URL field . [SEP]
LIME (words)
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
SHAP (words)
Cross Site Scripting ( XSS) vulnerability exists in Gitea before 1. 5. 1 via the repository settings inside the external wiki/ issue tracker URL field
#67 · cve_id CVE-2022-48236 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁MP 3 encoder ▁there ▁is ▁a ▁po ssi ble ▁out ▁of ▁bound s ▁read ▁due ▁to ▁a ▁mi ssi ng ▁bound s ▁check . ▁This ▁could ▁lead ▁to ▁local ▁denial ▁of ▁service ▁with ▁System ▁execution ▁privileges ▁needed . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In MP3 encoder there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
SHAP (words)
In MP3 encoder there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In MP ##3 encoder there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local denial of service with System exec u ##tion privileges needed . [SEP]
LRP (+Pred, pos-only)
[CLS] In MP ##3 encoder there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local denial of service with System exec u ##tion privileges needed . [SEP]
LIME (words)
In MP3 encoder there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
SHAP (words)
In MP3 encoder there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In MP ##3 encoder there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local denial of service with System exec u ##tion privileges needed . [SEP]
LRP (+Pred, pos-only)
[CLS] In MP ##3 encoder there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local denial of service with System exec u ##tion privileges needed . [SEP]
LIME (words)
In MP3 encoder there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
SHAP (words)
In MP3 encoder there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
#68 · cve_id CVE-2022-3160 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁A PD FL . dll ▁contains ▁an out-of-bounds ▁write ▁past ▁the fixed-length heap-based ▁buffer ▁while parsing spec i ally ▁crafted ▁PDF ▁files . ▁This ▁could ▁allow ▁an ▁attacker ▁to ▁execute ▁code ▁in ▁the ▁context ▁of ▁the ▁current ▁process . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
SHAP (words)
The APDFL. dll contains an out- of- bounds write past the fixed- length heap- based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The AP ##DF ##L . dll contains an out-of-bounds w ##r ite past the fixed-length heap-based buffer while parsing spec i ##ally crafted PDF files . This could allow an attacker to exec u ##te code in the context of the current process . [SEP]
LRP (+Pred, pos-only)
[CLS] The AP ##DF ##L . dll contains an out-of-bounds w ##r ite past the fixed-length heap-based buffer while parsing spec i ##ally crafted PDF files . This could allow an attacker to exec u ##te code in the context of the current process . [SEP]
LIME (words)
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
SHAP (words)
The APDFL. dll contains an out- of- bounds write past the fixed- length heap- based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The AP ##DF ##L . dll contains an out-of-bounds w ##r ite past the fixed-length heap-based buffer while parsing spec i ##ally crafted PDF files . This could allow an attacker to exec u ##te code in the context of the current process . [SEP]
LRP (+Pred, pos-only)
[CLS] The AP ##DF ##L . dll contains an out-of-bounds w ##r ite past the fixed-length heap-based buffer while parsing spec i ##ally crafted PDF files . This could allow an attacker to exec u ##te code in the context of the current process . [SEP]
LIME (words)
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
SHAP (words)
The APDFL. dll contains an out- of- bounds write past the fixed- length heap- based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process
#69 · cve_id CVE-2023-24574 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Dell ▁Enterprise SON i C ▁OS ▁3 . 5 . 3 ▁4 . 0 . 0 ▁4 . 0 . 1 ▁4 . 0 . 2 ▁contains ▁an " Uncontrolled ▁Resource Consumption ▁vulnerability " ▁in authentication ▁component . ▁An unauthenticated ▁remote ▁attacker ▁could ▁potentially ▁exploit ▁this ▁vulnerability ▁leading ▁to uncontrolled ▁resource ▁consumption ▁by ▁creating ▁permanent ▁home directories ▁for unauthenticated ▁users . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Dell Enterprise SONiC OS 3.5.3 4.0.0 4.0.1 4.0.2 contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.
SHAP (words)
Dell Enterprise SONiC OS 3. 5. 3 4. 0. 0 4. 0. 1 4. 0. 2 contains an " Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Dell Enterprise S ##ON ##i ##C OS 3 . 5 . 3 4 . 0 . 0 4 . 0 . 1 4 . 0 . 2 contains an " Uncontrolled Resource Consumption vulnerability " in authentication component . An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users . [SEP]
LRP (+Pred, pos-only)
[CLS] Dell Enterprise S ##ON ##i ##C OS 3 . 5 . 3 4 . 0 . 0 4 . 0 . 1 4 . 0 . 2 contains an " Uncontrolled Resource Consumption vulnerability " in authentication component . An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users . [SEP]
LIME (words)
Dell Enterprise SONiC OS 3.5.3 4.0.0 4.0.1 4.0.2 contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.
SHAP (words)
Dell Enterprise SONiC OS 3. 5. 3 4. 0. 0 4. 0. 1 4. 0. 2 contains an " Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Dell Enterprise S ##ON ##i ##C OS 3 . 5 . 3 4 . 0 . 0 4 . 0 . 1 4 . 0 . 2 contains an " Uncontrolled Resource Consumption vulnerability " in authentication component . An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users . [SEP]
LRP (+Pred, pos-only)
[CLS] Dell Enterprise S ##ON ##i ##C OS 3 . 5 . 3 4 . 0 . 0 4 . 0 . 1 4 . 0 . 2 contains an " Uncontrolled Resource Consumption vulnerability " in authentication component . An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users . [SEP]
LIME (words)
Dell Enterprise SONiC OS 3.5.3 4.0.0 4.0.1 4.0.2 contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.
SHAP (words)
Dell Enterprise SONiC OS 3. 5. 3 4. 0. 0 4. 0. 1 4. 0. 2 contains an " Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users
#70 · cve_id CVE-2022-42087 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Tenda AX 18 03 ▁US _ AX 18 03 v 2 . 0 br _ v 1 . 0 . 0 . 1 _2 99 4 _ CN _ Z G Y D 01 _ 4 ▁is ▁vulnerable ▁to ▁Cross ▁Site Request Forgery ( CSRF ) ▁via ▁function ▁from S y s Tool ▁Re boo t . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
SHAP (words)
Tenda AX1803 US_AX1803v2. 0br_v1. 0. 0. 1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery ( CSRF) via function fromSysToolReboot
lrp-bert · Pred=NONE (0) · p=0.90 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tenda AX 1803 US _ AX 1803 ##v ##2 . 0 ##b ##r _ v ##1 . 0 . 0 . 1 _ 29 ##9 ##4 _ CN _ Z ##G ##Y ##D ##01 _ 4 is vulnerable to Cross S ite Request Forgery ( CSRF ) via function from ##S ##ys Tool Re ##boo ##t . [SEP]
LRP (+Pred, pos-only)
[CLS] Tenda AX 1803 US _ AX 1803 ##v ##2 . 0 ##b ##r _ v ##1 . 0 . 0 . 1 _ 29 ##9 ##4 _ CN _ Z ##G ##Y ##D ##01 _ 4 is vulnerable to Cross S ite Request Forgery ( CSRF ) via function from ##S ##ys Tool Re ##boo ##t . [SEP]
LIME (words)
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
SHAP (words)
Tenda AX1803 US_AX1803v2. 0br_v1. 0. 0. 1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery ( CSRF) via function fromSysToolReboot
lrp-distilbert · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tenda AX 1803 US _ AX 1803 ##v ##2 . 0 ##b ##r _ v ##1 . 0 . 0 . 1 _ 29 ##9 ##4 _ CN _ Z ##G ##Y ##D ##01 _ 4 is vulnerable to Cross S ite Request Forgery ( CSRF ) via function from ##S ##ys Tool Re ##boo ##t . [SEP]
LRP (+Pred, pos-only)
[CLS] Tenda AX 1803 US _ AX 1803 ##v ##2 . 0 ##b ##r _ v ##1 . 0 . 0 . 1 _ 29 ##9 ##4 _ CN _ Z ##G ##Y ##D ##01 _ 4 is vulnerable to Cross S ite Request Forgery ( CSRF ) via function from ##S ##ys Tool Re ##boo ##t . [SEP]
LIME (words)
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
SHAP (words)
Tenda AX1803 US_AX1803v2. 0br_v1. 0. 0. 1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery ( CSRF) via function fromSysToolReboot
#71 · cve_id CVE-2021-27693 · i
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Server-side Request Forgery ( SSRF ) ▁vulnerability ▁in ▁Public CMS ▁before ▁4 . 0 . 20 2011 . b ▁via / public cms / admin / u ed itor ▁when ▁the ▁action ▁is ▁catch image . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
SHAP (words)
Server- side Request Forgery ( SSRF) vulnerability in PublicCMS before 4. 0. 202011. b via / publiccms/ admin/ ueditor when the action is catchimage
lrp-bert · Pred=HIGH (2) · p=0.95 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Server-side Request Forgery ( SSRF ) vulnerability in Public CMS before 4 . 0 . 2020 ##11 . b via / public cms / admin / u ##ed ##itor when the action is catch ##ima ##ge . [SEP]
LRP (+Pred, pos-only)
[CLS] Server-side Request Forgery ( SSRF ) vulnerability in Public CMS before 4 . 0 . 2020 ##11 . b via / public cms / admin / u ##ed ##itor when the action is catch ##ima ##ge . [SEP]
LIME (words)
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
SHAP (words)
Server- side Request Forgery ( SSRF) vulnerability in PublicCMS before 4. 0. 202011. b via / publiccms/ admin/ ueditor when the action is catchimage
lrp-distilbert · Pred=HIGH (2) · p=0.94 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Server-side Request Forgery ( SSRF ) vulnerability in Public CMS before 4 . 0 . 2020 ##11 . b via / public cms / admin / u ##ed ##itor when the action is catch ##ima ##ge . [SEP]
LRP (+Pred, pos-only)
[CLS] Server-side Request Forgery ( SSRF ) vulnerability in Public CMS before 4 . 0 . 2020 ##11 . b via / public cms / admin / u ##ed ##itor when the action is catch ##ima ##ge . [SEP]
LIME (words)
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
SHAP (words)
Server- side Request Forgery ( SSRF) vulnerability in PublicCMS before 4. 0. 202011. b via / publiccms/ admin/ ueditor when the action is catchimage
#72 · cve_id CVE-2022-26794 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Windows ▁Print Spooler Elevation ▁of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Windows Print Spooler Elevation of Privilege Vulnerability
SHAP (words)
Windows Print Spooler Elevation of Privilege Vulnerability
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Windows P ##r int Spooler Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Windows P ##r int Spooler Elevation of Privilege Vulnerability [SEP]
LIME (words)
Windows Print Spooler Elevation of Privilege Vulnerability
SHAP (words)
Windows Print Spooler Elevation of Privilege Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Windows P ##r int Spooler Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Windows P ##r int Spooler Elevation of Privilege Vulnerability [SEP]
LIME (words)
Windows Print Spooler Elevation of Privilege Vulnerability
SHAP (words)
Windows Print Spooler Elevation of Privilege Vulnerability
#73 · cve_id CVE-2023-40133 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁multiple ▁locations ▁of Dialog ▁Fill U i . java ▁there ▁is ▁a ▁po ssi ble ▁way ▁to ▁view ▁another ▁user ' s ▁images ▁due ▁to ▁a confuse d ▁deputy . ▁This ▁could ▁lead ▁to ▁local ▁in for matio n ▁di sc los ure ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In multiple locations of DialogFillUi.java there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
SHAP (words)
In multiple locations of DialogFillUi. java there is a possible way to view another user' s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In m ##ult ip le locations of Dialog Fi ##ll ##U ##i . java there is a p ##o ssi b ##le way to view another user ' s images due to a confuse d deputy . This could lead to local info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . [SEP]
LRP (+Pred, pos-only)
[CLS] In m ##ult ip le locations of Dialog Fi ##ll ##U ##i . java there is a p ##o ssi b ##le way to view another user ' s images due to a confuse d deputy . This could lead to local info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . [SEP]
LIME (words)
In multiple locations of DialogFillUi.java there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
SHAP (words)
In multiple locations of DialogFillUi. java there is a possible way to view another user' s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In m ##ult ip le locations of Dialog Fi ##ll ##U ##i . java there is a p ##o ssi b ##le way to view another user ' s images due to a confuse d deputy . This could lead to local info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . [SEP]
LRP (+Pred, pos-only)
[CLS] In m ##ult ip le locations of Dialog Fi ##ll ##U ##i . java there is a p ##o ssi b ##le way to view another user ' s images due to a confuse d deputy . This could lead to local info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . [SEP]
LIME (words)
In multiple locations of DialogFillUi.java there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
SHAP (words)
In multiple locations of DialogFillUi. java there is a possible way to view another user' s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation
#74 · cve_id CVE-2023-30731 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Log ic err ▁or ▁in ▁package ▁installation ▁via debugger ▁command ▁prior ▁to SMR ▁Oct - 20 23 ▁Release ▁1 ▁allows ▁physical ▁attacker ▁to ▁install ▁an ▁application ▁that ▁has diff er ent ▁build ▁type . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
SHAP (words)
Logic error in package installation via debugger command prior to SMR Oct- 2023 Release 1 allows physical attacker to install an application that has different build type
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Log i ##c err or in package installation via debugger command prior to SMR Oct - 202 ##3 Release 1 allows physical attacker to install an application that has diff er ##ent build type . [SEP]
LRP (+Pred, pos-only)
[CLS] Log i ##c err or in package installation via debugger command prior to SMR Oct - 202 ##3 Release 1 allows physical attacker to install an application that has diff er ##ent build type . [SEP]
LIME (words)
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
SHAP (words)
Logic error in package installation via debugger command prior to SMR Oct- 2023 Release 1 allows physical attacker to install an application that has different build type
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Log i ##c err or in package installation via debugger command prior to SMR Oct - 202 ##3 Release 1 allows physical attacker to install an application that has diff er ##ent build type . [SEP]
LRP (+Pred, pos-only)
[CLS] Log i ##c err or in package installation via debugger command prior to SMR Oct - 202 ##3 Release 1 allows physical attacker to install an application that has diff er ##ent build type . [SEP]
LIME (words)
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
SHAP (words)
Logic error in package installation via debugger command prior to SMR Oct- 2023 Release 1 allows physical attacker to install an application that has different build type
#75 · cve_id CVE-2021-2351 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the Advan ced Networking Option ▁component ▁of ▁Oracle ▁Database ▁Server . Supported ▁versions ▁that ▁are ▁affected ▁are ▁12 . 1 . 0 . 2 ▁12 . 2 . 0 . 1 ▁and ▁19 c . Difficult ▁to ▁exploit ▁vulnerability ▁allows unauthenticated ▁attacker ▁with ▁network ▁access ▁via ▁Oracle ▁Net ▁to ▁compromise Advan ced Networking Option . Successful ▁attacks ▁require ▁human ▁interaction ▁from ▁a ▁person ▁other ▁than ▁the ▁attacker ▁and ▁while ▁the ▁vulnerability ▁is ▁in Advan ced Networking Option ▁attacks ▁may ▁significantly ▁impact ▁additional ▁products . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in ▁takeover ▁of Advan ced Networking Option . ▁Note : ▁The ▁July ▁20 21 ▁Critical ▁Patch Update ▁introduces ▁a ▁number ▁of ▁Native ▁Network Encryption ▁changes ▁to ▁deal ▁with ▁vulnerability CVE - 20 21 - 235 1 ▁and ▁prevent ▁the ▁use ▁of ▁weaker ciphers . Customers ▁should ▁review : " Change s ▁in ▁Native ▁Network Encryption ▁with ▁the ▁July ▁20 21 ▁Critical ▁Patch Update " ( Do c ▁ID ▁27 9 15 71 . 1 ) . CVSS ▁3 . 1 ▁Base ▁Score ▁8 . 3 ( Con fid ential ity Integrity ▁and Availability ▁impacts ) . CVSS Vector : ( CVSS : 3 . 1/ AV : N / AC : H / PR : N / UI : R / S : C / C : H / I : H / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12. 1. 0. 2 12. 2. 0. 1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE- 2021- 2351 and prevent the use of weaker ciphers. Customers should review: " Changes in Native Network Encryption with the July 2021 Critical Patch Update" ( Doc ID 2791571. 1). CVSS 3. 1 Base Score 8. 3 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: H/ PR: N/ UI: R/ S: C/ C: H/ I: H/ A: H
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Advan c ##ed Networking Option component of Oracle Da tab as ##e Server . Supported versions that are affected are 12 . 1 . 0 . 2 12 . 2 . 0 . 1 and 19 ##c . Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advan c ##ed Networking Option . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in Advan c ##ed Networking Option attacks may significantly impact additional products . Successful attacks of this vulnerability can result in takeover of Advan c ##ed Networking Option . Note : The July 202 ##1 Critical Patch Update int rod ##uce ##s a number of Native Network Encryption changes to deal with vulnerability CVE - 202 ##1 - 235 ##1 and prevent the use of weaker ciphers . Customers should review : " Changes in Native Network Encryption with the July 202 ##1 Critical Patch Update " ( Doc ID 27 ##9 ##15 ##7 ##1 . 1 ) . CVSS 3 . 1 Base Score 8 . 3 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : H / PR : N / UI : R / S : C / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Advan c ##ed Networking Option component of Oracle Da tab as ##e Server . Supported versions that are affected are 12 . 1 . 0 . 2 12 . 2 . 0 . 1 and 19 ##c . Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advan c ##ed Networking Option . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in Advan c ##ed Networking Option attacks may significantly impact additional products . Successful attacks of this vulnerability can result in takeover of Advan c ##ed Networking Option . Note : The July 202 ##1 Critical Patch Update int rod ##uce ##s a number of Native Network Encryption changes to deal with vulnerability CVE - 202 ##1 - 235 ##1 and prevent the use of weaker ciphers . Customers should review : " Changes in Native Network Encryption with the July 202 ##1 Critical Patch Update " ( Doc ID 27 ##9 ##15 ##7 ##1 . 1 ) . CVSS 3 . 1 Base Score 8 . 3 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : H / PR : N / UI : R / S : C / C : H / I : H / A : H ) . [SEP]
LIME (words)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12. 1. 0. 2 12. 2. 0. 1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE- 2021- 2351 and prevent the use of weaker ciphers. Customers should review: " Changes in Native Network Encryption with the July 2021 Critical Patch Update" ( Doc ID 2791571. 1). CVSS 3. 1 Base Score 8. 3 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: H/ PR: N/ UI: R/ S: C/ C: H/ I: H/ A: H
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Advan c ##ed Networking Option component of Oracle Da tab as ##e Server . Supported versions that are affected are 12 . 1 . 0 . 2 12 . 2 . 0 . 1 and 19 ##c . Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advan c ##ed Networking Option . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in Advan c ##ed Networking Option attacks may significantly impact additional products . Successful attacks of this vulnerability can result in takeover of Advan c ##ed Networking Option . Note : The July 202 ##1 Critical Patch Update int rod ##uce ##s a number of Native Network Encryption changes to deal with vulnerability CVE - 202 ##1 - 235 ##1 and prevent the use of weaker ciphers . Customers should review : " Changes in Native Network Encryption with the July 202 ##1 Critical Patch Update " ( Doc ID 27 ##9 ##15 ##7 ##1 . 1 ) . CVSS 3 . 1 Base Score 8 . 3 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : H / PR : N / UI : R / S : C / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Advan c ##ed Networking Option component of Oracle Da tab as ##e Server . Supported versions that are affected are 12 . 1 . 0 . 2 12 . 2 . 0 . 1 and 19 ##c . Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advan c ##ed Networking Option . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in Advan c ##ed Networking Option attacks may significantly impact additional products . Successful attacks of this vulnerability can result in takeover of Advan c ##ed Networking Option . Note : The July 202 ##1 Critical Patch Update int rod ##uce ##s a number of Native Network Encryption changes to deal with vulnerability CVE - 202 ##1 - 235 ##1 and prevent the use of weaker ciphers . Customers should review : " Changes in Native Network Encryption with the July 202 ##1 Critical Patch Update " ( Doc ID 27 ##9 ##15 ##7 ##1 . 1 ) . CVSS 3 . 1 Base Score 8 . 3 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : H / PR : N / UI : R / S : C / C : H / I : H / A : H ) . [SEP]
LIME (words)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12. 1. 0. 2 12. 2. 0. 1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE- 2021- 2351 and prevent the use of weaker ciphers. Customers should review: " Changes in Native Network Encryption with the July 2021 Critical Patch Update" ( Doc ID 2791571. 1). CVSS 3. 1 Base Score 8. 3 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: H/ PR: N/ UI: R/ S: C/ C: H/ I: H/ A: H
#76 · cve_id CVE-2020-4089 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
HCL ▁Notes ▁is ▁vulnerable ▁to ▁an ▁in for matio n leakage ▁vulnerability ▁through ▁its ▁support ▁for ▁the ' mail to ' ▁protocol . ▁This ▁vulnerability ▁could ▁result ▁in ▁files ▁from ▁the ▁user ' s filesystem ▁or ▁connected ▁network filesystems ▁being ▁leaked ▁to ▁a ▁third ▁party . ▁All ▁versions ▁of HCL ▁Notes ▁9 ▁10 ▁and ▁11 ▁are ▁affected . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9 10 and 11 are affected.
SHAP (words)
HCL Notes is vulnerable to an information leakage vulnerability through its support for the ' mailto' protocol. This vulnerability could result in files from the user' s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9 10 and 11 are affected
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] HCL Notes is vulnerable to an info ##r matio n leakage vulnerability through its support for the ' mail ##to ' protocol . This vulnerability could result in files from the user ' s filesystem or connected network filesystems being leaked to a third party . All versions of HCL Notes 9 10 and 11 are affected . [SEP]
LRP (+Pred, pos-only)
[CLS] HCL Notes is vulnerable to an info ##r matio n leakage vulnerability through its support for the ' mail ##to ' protocol . This vulnerability could result in files from the user ' s filesystem or connected network filesystems being leaked to a third party . All versions of HCL Notes 9 10 and 11 are affected . [SEP]
LIME (words)
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9 10 and 11 are affected.
SHAP (words)
HCL Notes is vulnerable to an information leakage vulnerability through its support for the ' mailto' protocol. This vulnerability could result in files from the user' s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9 10 and 11 are affected
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] HCL Notes is vulnerable to an info ##r matio n leakage vulnerability through its support for the ' mail ##to ' protocol . This vulnerability could result in files from the user ' s filesystem or connected network filesystems being leaked to a third party . All versions of HCL Notes 9 10 and 11 are affected . [SEP]
LRP (+Pred, pos-only)
[CLS] HCL Notes is vulnerable to an info ##r matio n leakage vulnerability through its support for the ' mail ##to ' protocol . This vulnerability could result in files from the user ' s filesystem or connected network filesystems being leaked to a third party . All versions of HCL Notes 9 10 and 11 are affected . [SEP]
LIME (words)
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9 10 and 11 are affected.
SHAP (words)
HCL Notes is vulnerable to an information leakage vulnerability through its support for the ' mailto' protocol. This vulnerability could result in files from the user' s filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9 10 and 11 are affected
#77 · cve_id CVE-2022-28508 · i
GT=LOW (1)
xlnet · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An XSS ▁issue ▁was ▁di sc ▁over ed ▁in browse r _ search _ plugin . php ▁in MantisBT ▁before ▁2 . 25 . 2 . ▁U ne sc ▁a ped ▁output ▁of ▁the ▁return param eter ▁allows ▁an ▁attacker ▁to inject ▁code ▁into ▁a ▁hidden ▁input ▁field . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
SHAP (words)
An XSS issue was discovered in browser_search_plugin. php in MantisBT before 2. 25. 2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field
lrp-bert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An XSS issue was di sc over ##ed in browse r _ search _ plugin . php in MantisBT before 2 . 25 . 2 . Un ##e sc a ##ped output of the return param et ##er allows an attacker to inject code int o a hidden input field . [SEP]
LRP (+Pred, pos-only)
[CLS] An XSS issue was di sc over ##ed in browse r _ search _ plugin . php in MantisBT before 2 . 25 . 2 . Un ##e sc a ##ped output of the return param et ##er allows an attacker to inject code int o a hidden input field . [SEP]
LIME (words)
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
SHAP (words)
An XSS issue was discovered in browser_search_plugin. php in MantisBT before 2. 25. 2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field
lrp-distilbert · Pred=LOW (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An XSS issue was di sc over ##ed in browse r _ search _ plugin . php in MantisBT before 2 . 25 . 2 . Un ##e sc a ##ped output of the return param et ##er allows an attacker to inject code int o a hidden input field . [SEP]
LRP (+Pred, pos-only)
[CLS] An XSS issue was di sc over ##ed in browse r _ search _ plugin . php in MantisBT before 2 . 25 . 2 . Un ##e sc a ##ped output of the return param et ##er allows an attacker to inject code int o a hidden input field . [SEP]
LIME (words)
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
SHAP (words)
An XSS issue was discovered in browser_search_plugin. php in MantisBT before 2. 25. 2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field
#78 · cve_id CVE-2021-40524 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.90 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁Pure - FTP d ▁before ▁1 . 0 . 50 ▁an ▁incorrect max _ file size ▁quota ▁mechanism ▁in ▁the ▁server ▁allows ▁attackers ▁to upload ▁files ▁of unbounded ▁size ▁which ▁may ▁lead ▁to ▁denial ▁of ▁service ▁or ▁a ▁server ▁hang . ▁This ▁occurs ▁because ▁a ▁certain ▁greater - than - zero ▁test ▁does ▁not ▁anticipate ▁an init ial - 1 ▁value . ( Versions ▁1 . 0 . 23 ▁through ▁1 . 0 . 49 ▁are ▁affected . ) <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In Pure-FTPd before 1.0.50 an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
SHAP (words)
In Pure- FTPd before 1. 0. 50 an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang. This occurs because a certain greater- than- zero test does not anticipate an initial - 1 value. ( Versions 1. 0. 23 through 1. 0. 49 are affected
lrp-bert · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Pure - FTP d before 1 . 0 . 50 an incorrect max _ files ##ize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang . This occurs because a certain greater - than - zero test does not anti ##c ip ate an init i ##al - 1 value . ( Versions 1 . 0 . 23 through 1 . 0 . 49 are affected . ) [SEP]
LRP (+Pred, pos-only)
[CLS] In Pure - FTP d before 1 . 0 . 50 an incorrect max _ files ##ize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang . This occurs because a certain greater - than - zero test does not anti ##c ip ate an init i ##al - 1 value . ( Versions 1 . 0 . 23 through 1 . 0 . 49 are affected . ) [SEP]
LIME (words)
In Pure-FTPd before 1.0.50 an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
SHAP (words)
In Pure- FTPd before 1. 0. 50 an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang. This occurs because a certain greater- than- zero test does not anticipate an initial - 1 value. ( Versions 1. 0. 23 through 1. 0. 49 are affected
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Pure - FTP d before 1 . 0 . 50 an incorrect max _ files ##ize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang . This occurs because a certain greater - than - zero test does not anti ##c ip ate an init i ##al - 1 value . ( Versions 1 . 0 . 23 through 1 . 0 . 49 are affected . ) [SEP]
LRP (+Pred, pos-only)
[CLS] In Pure - FTP d before 1 . 0 . 50 an incorrect max _ files ##ize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang . This occurs because a certain greater - than - zero test does not anti ##c ip ate an init i ##al - 1 value . ( Versions 1 . 0 . 23 through 1 . 0 . 49 are affected . ) [SEP]
LIME (words)
In Pure-FTPd before 1.0.50 an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
SHAP (words)
In Pure- FTPd before 1. 0. 50 an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size which may lead to denial of service or a server hang. This occurs because a certain greater- than- zero test does not anticipate an initial - 1 value. ( Versions 1. 0. 23 through 1. 0. 49 are affected
#79 · cve_id CVE-2017-8060 · i
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Accept ance ▁of ▁invalid / self-signed TLS ▁certificates ▁in " Panda ▁Mobile ▁Security " ▁1 . 1 ▁for ▁iOS ▁allows ▁a man-in-the-middle ▁and / or ▁physically proximate ▁attacker ▁to ▁silently ▁intercept ▁in for matio n ▁sent ▁during ▁the login ▁API ▁call . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
SHAP (words)
Acceptance of invalid/ self- signed TLS certificates in " Panda Mobile Security" 1. 1 for iOS allows a man- in- the- middle and/ or physically proximate attacker to silently intercept information sent during the login API call
lrp-bert · Pred=NONE (0) · p=0.95 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A ##cc ##ept ##ance of invalid / self-signed TLS certificates in " Panda Mobile Se ##c uri t ##y " 1 . 1 for iOS allows a man-in-the-middle and / or physically proximate attacker to silently int er ##ce ##pt info ##r matio n sent d uri ng the login A PI call . [SEP]
LRP (+Pred, pos-only)
[CLS] A ##cc ##ept ##ance of invalid / self-signed TLS certificates in " Panda Mobile Se ##c uri t ##y " 1 . 1 for iOS allows a man-in-the-middle and / or physically proximate attacker to silently int er ##ce ##pt info ##r matio n sent d uri ng the login A PI call . [SEP]
LIME (words)
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
SHAP (words)
Acceptance of invalid/ self- signed TLS certificates in " Panda Mobile Security" 1. 1 for iOS allows a man- in- the- middle and/ or physically proximate attacker to silently intercept information sent during the login API call
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A ##cc ##ept ##ance of invalid / self-signed TLS certificates in " Panda Mobile Se ##c uri t ##y " 1 . 1 for iOS allows a man-in-the-middle and / or physically proximate attacker to silently int er ##ce ##pt info ##r matio n sent d uri ng the login A PI call . [SEP]
LRP (+Pred, pos-only)
[CLS] A ##cc ##ept ##ance of invalid / self-signed TLS certificates in " Panda Mobile Se ##c uri t ##y " 1 . 1 for iOS allows a man-in-the-middle and / or physically proximate attacker to silently int er ##ce ##pt info ##r matio n sent d uri ng the login A PI call . [SEP]
LIME (words)
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
SHAP (words)
Acceptance of invalid/ self- signed TLS certificates in " Panda Mobile Security" 1. 1 for iOS allows a man- in- the- middle and/ or physically proximate attacker to silently intercept information sent during the login API call
#80 · cve_id CVE-2020-10546 · i
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.95 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
rConfig ▁3 . 9 . 4 ▁and ▁previous ▁versions ▁has unauthenticated ▁compliance poli cies . inc . php SQL inject ion . ▁Because ▁by ▁default ▁nodes ' passwords ▁are ▁stored ▁in cleartext ▁this ▁vulnerability ▁leads ▁to lateral ▁movement ▁granting ▁an ▁attacker ▁access ▁to ▁monitored ▁network ▁devices . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because by default nodes' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network devices.
SHAP (words)
rConfig 3. 9. 4 and previous versions has unauthenticated compliancepolicies. inc. php SQL injection. Because by default nodes' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network devices
lrp-bert · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] rConfig 3 . 9 . 4 and previous versions has unauthenticated compliance ##poli ##cies . in ##c . php SQL inject ion . Because by default nodes ' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network dev ice ##s . [SEP]
LRP (+Pred, pos-only)
[CLS] rConfig 3 . 9 . 4 and previous versions has unauthenticated compliance ##poli ##cies . in ##c . php SQL inject ion . Because by default nodes ' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network dev ice ##s . [SEP]
LIME (words)
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because by default nodes' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network devices.
SHAP (words)
rConfig 3. 9. 4 and previous versions has unauthenticated compliancepolicies. inc. php SQL injection. Because by default nodes' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network devices
lrp-distilbert · Pred=HIGH (2) · p=0.90 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] rConfig 3 . 9 . 4 and previous versions has unauthenticated compliance ##poli ##cies . in ##c . php SQL inject ion . Because by default nodes ' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network dev ice ##s . [SEP]
LRP (+Pred, pos-only)
[CLS] rConfig 3 . 9 . 4 and previous versions has unauthenticated compliance ##poli ##cies . in ##c . php SQL inject ion . Because by default nodes ' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network dev ice ##s . [SEP]
LIME (words)
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because by default nodes' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network devices.
SHAP (words)
rConfig 3. 9. 4 and previous versions has unauthenticated compliancepolicies. inc. php SQL injection. Because by default nodes' passwords are stored in cleartext this vulnerability leads to lateral movement granting an attacker access to monitored network devices